Purpose: The purpose of this study is to use a developed and pre-tested scenario-based measurement instrument for policy compliance and determine whether policy compliance measurements in the current policy compliance research are biased, as has been postulated during a pre-study. The expected biases are because of social desirability and because of biases based on identity theory.

Design/methodology/approach: A survey was conducted (n = 54) that used policy compliance scales from literature and the developed self-reporting policy compliance (SRPC) scale, along with the Marlow–Crowne social desirability (MC-SDB) scale. Differences between the policy compliance scales were assessed. Moreover, a transformation of the SRPC measurements into the literature-based scales was examined using pair-wise t-testing. Finally, correlations between the MC-SDB and the policy compliance scales were examined.

Findings: There are no significant influences on the desire for social approval of the respondents as was exhibited by the MC-SDB values and policy compliance on either scale. However, the SRPC scale measurements show deviations from the literature-based policy compliance scales. Individuals that exhibit secure behaviour, which is not rooted in a policy but rather in anything but the policy, are also captured as being policy compliant in the current scales. This shows that a response bias exists in current scales. Respondents who perceive themselves to exhibit secure behaviours may think that they are in compliance with the policy, even when they are not.

Practical implications: These findings mean that several contributions in the field of policy compliance must be questioned and that a revisit of several factors influencing policy compliance may be required.

Originality/value: To the best of the authors’ knowledge, response biases in policy compliance research have not been considered to date.
We present a probabilistic (frequentistic) model of trust with efficient Bayesian updating procedures and support of hierarchically structured systems. Trust is highly influenced by information gathered from different sources, like newspaper or scientific reports on the security or vulnerability of computer systems. Assuming text-mining and incident documentation facilities are available that provide us with news relevant to a given system, we show how to compile this experience into a stochastic model of trust. In particular, our model admits efficient analysis towards forecasting of possible future issues and the determination of worst-case scenarios for a given security system. We empirically evaluate the sensitivity of our trust measure based on simulations using a prototype implementation, which closely matches the natural way in which trust is established: it takes a considerably larger lot of positive incidents to outweigh a negative experience. Our model indeed confirms such imbalance. Moreover, as more and more information is going into the trust model, a change of trust in either direction requires an amount of positive or negative experience that almost equals the so-far recorded history. We believe that these effects make the trust model a reasonable choice to resemble the human valuation of trust, while being founded on statistical grounds to be compatible with quantitative or qualitative enterprise risk management.

Index Terms: trust modelling, IT incident management, security management, knowledge management, risk management, risk forecasting, Bayesian learning, system security, information security

I. INTRODUCTION

Trust is a notoriously vague term, which is roughly understood as the expectation that the performance of a system adheres to its specification, meaning no deviations from the prescribed behavior whatsoever.
Alternatively, trust can also mean expecting something not to happen at all, particularly if we express the belief in the intractability of some computational problem. This kind of trust is the fundament of most modern cryptographic primitives today, and justified on empirical grounds and experience.

Nevertheless, due to the diversity of applications and their inherent differences in nature, trust is hard to formalize in a general setting, and up to now no commonly accepted definition appeared anywhere. In this work, we propose a very simplistic (as frequentistic) understanding of trust that compiles the experience made with a system into a numerical value reflecting the degree of trust. Updating this model shall be simple in the sense that new experience should directly find its way into the value so as to reach a more and more mature and reliable trust measure.

Measuring and forecasting enterprise security risk is often a matter of confidence in the existing security systems, and especially when it comes to liability issues, as for example insurances strongly rely on hypotheses regarding the quality of protection of the insurance's object. It is experience that can either strengthen or...
The present paper documents the development and application of a Knowledge Management (KM) architecture and tool, customized to the specific needs within the Concurrent Engineering (CE) scenario. The paper gives an overview and update on the recent development work, executed for ESA's Concurrent Design Facility (CDF). Here, a tailored KM system for the specific needs of the CE design process has been created. An in-depth investigation of the KM awareness within the CE-environment and its participants marked the beginning of the research. The developed KM architecture is divided into four major sections: Capture, Organization, Distribution and Development of knowledge. Every section has several interface modules that are interacting with each other. In addition to these, the concept of a Knowledge Unit (KU) is introduced, where its different contents (e.g. documents, trade-off tables, mass summaries) are stored and linked with so-called metadata, which gives additional information. During a CE-session, engineers do not have the possibility to review extensive report-libraries regarding their relevant subsystem. Therefore, accessing knowledge needs to be straightforward. The challenging task to transfer tacit knowledge elements of CE studies, which are usually created during Round-Tables or Splinter-Meetings, requires new approaches in soft- and hardware support. The developed prototype software platform SPOCK (Software Platform for Organizing & Capturing Knowledge) helps to facilitate all aspects of capturing and distributing knowledge within the Concurrent Engineering environment.