Security economics, security modelling, and policy

  1. Albesë Demjaha, Tristan Caulfield, M. Angela Sasse, and David Pym. Fast 2 Secure: A Case Study of Post-Breach Security Changes. In: Proc. 4th European Workshop on Usable Security, EuroUSEC 2019, IEEE 2019. Stockholm, Sweden, June 20, 2019. To appear: IEEE Xplore. Manuscript.

  2. J.M. Spring, T. Moore, and D. Pym. Practicing a Science of Security: A Philosophy of Science Perspective. To appear: Proc. New Security Paradigms Workshop, Islamorada, FL, USA, 2-4 Oct., 2017. doi: 10.475/xxx_x. Manuscript.

  3. T. Caulfield, C. Ioannidis, and D. Pym. The U.S. Vulnerabilities Equities Process: An Economic Perspective. Proc. GameSec 2017, LNCS 10575:131–150, 2017, 2017. Manuscript.

  4. T. Caulfield, C. Ioannidis, and D. Pym. On the adoption of privacy-enhancing technologies. Proc. GameSec 2016, LNCS 9996:175-194, 2016. Manuscript.

  5. C. Ioannidis, D. Pym, and J. Williams (2016). Is Public Co-Ordination of Investment in Information Security Desirable? Journal of Information Security 7, 60-80, 2016. doi: 10.4236/jis.2016.72005.

  6. A. Baldwin, I. Gheyas, C. Ioannidis, D. Pym, and J. Williams. Contagion in Cybersecurity Attacks. J. of the Operational Research Society, 68(7):780–791, 2017. doi: 10.1057/jors.2016.37. Manuscript.

  7. T. Caulfield, C. Ioannidis, and D. Pym. Discrete Choice, Social Interaction, and Policy in Encryption Technology Adoption. Proc. Financial Cryptography and Data Security 2016. Manuscript.

  8. T. Caulfield and D. Pym. Modelling and Simulating Systems Security Policy. In Proc. SIMUTools 2015, ACM Digital Library SIMUTools 2015 . The Julia package used for creating system models may be obtained from GitHub here.

  9. T. Caulfield and D. Pym. Improving Security Policy Decisions with Models. IEEE Security and Privacy, 13(5), 34-41, Sept/Oct 2015. Manuscript. The Julia package used for creating system models may be obtained from GitHub here.

  10. T. Caulfield, D. Pym, and J. Williams. Compositional Security Modelling: Structure, Economics, and Behaviour. LNCS 8533: 233–245, 2014. Manuscript.

  11. C. Ioannidis, D. Pym, J. Williams, and I. Gheyas. Resilience in Information Stewardship. In Proc. WEIS 2014, Pennsylvania State University, June 2014. Paper.

  12. C. Ioannidis, D. Pym, and J. Williams. Sustainability in Information Stewardship: Time Preferences, Externalities, and Social Co-ordination. In Proc. WEIS 2013, Georgetown University, June 2013. Paper.

  13. G. Anderson. M. Collinson, and D. Pym. Utility-based Decision-making in Distributed Systems Modelling [Extended Abstract]. Proc. TARK 2013, Burkhard C. Schipper (editor), Chennai, 2013. Computing Research Repository (CoRR): ISBN: 978-0-615-74716-3.

  14. C. Ioannidis, D. Pym, and J. Williams. Fixed Costs, Investment Rigidities, and Risk Aversion in Information Security: A Utility-theoretic Approach. In Economics of Security and Privacy III, Bruce Schneier (editor), Springer 2012. pp. 171–192. Manuscript.

  15. C. Ioannidis, D. Pym, and J. Williams. Information Security Trade-offs and Optimal Patching Policies. European Journal of Operational Research, 216(2):434-444, 2012.

  16. D. Pym and S. Shiu. Information Stewardship in the Cloud. IISP Pulse 7 Winter 2011: 6-8. Available at:

  17. Contributor to the ENISA report Economics of Security: Facing the Challenges. Luxembourg: Publications Office of the European Union, 2012. ISBN: 978-92-9204-057-4, doi: 10.2824/23063.

  18. D. Pym and S. Shiu. Security Analytics: Bringing Science to Security Management. IISP Pulse 4 Summer 2010: 12-13. Available at

  19. A. Baldwin, D. Pym, M. Sadler, and Simon Shiu. Information Stewardship in Cloud Ecosystems: Towards Models, Economics, and Delivery. Proc. CloudCom 2011. IEEE Digital Library, 784–791, 2011. doi: 10.1109/CloudCom.2011.121.

  20. Yolanta Beresnevichiene, David Pym, and Simon Shiu. Decision Support for Systems Security Investment. Proc. Business-driven IT Management (BDIM) 2010. IEEE Xplore, 2010. Available here.

  21. Information Stewardship in the Cloud: A Model-based Approach. David Pym, Martin Sadler, Simon Shiu, and Marco Casassa Mont. Proc. CloudComp 2010.

  22. David Pym and Martin Sadler. Information Stewardship in Cloud Computing. International Journal of Service Science, Management, Engineering, and Technology 1(1), 50–67, 2010.

  23. A. Beautement et al. Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security. In Managing Information Risk and the Economics of Security. M. Eric Johnson (editor), Springer, 2009: 141–163.

  24. C. Ioannidis, D. Pym, and J. Williams. Investments and Trade-offs in the Economics of Information Security. Proc. Financial Cryptography and Data Security 2009, LNCS 5628: 148-162, 2009.

  25. D. Pym. Keynote Presentation at the ESRC Public Policy Seminar on the Economics of Information Security, Hewlett-Packard Laboratories, 2009. Available here.