Data-Driven Model-Based Decision-Making Based on Quantifiable Security Metrics

The goal of this project (Sanders, PI) is to develop collaborative, scientifically grounded decision-making tools for information security investments in private or public organizations, combining human, business, and technological concerns, and to demonstrate their use in a real-life case study. The key output of this research will be a data-driven, model-based methodology for security investment decision-making, with associated software tool support. The main scientific contributions will be new abstractions for modeling human behavior, and techniques and tools for optimization of the associated data collection strategy. The impact of our scientific contributions will be twofold: we will establish 1) reusable, generic modeling constructs for human behavior that alleviate the need to reinvent models for each case study, and 2) an associated data collection strategy that is optimized automatically for cost and relevance. This project is a collaboration with Newcastle University in the UK.

(Funded by Hewlett-Packard)