Friday 2nd Mar 2012 – Dr Karen Renaud

Dr Karen Renaud – University of Glasgow

The Real Effects of Password Policies

Users are often considered the weakest link in the security chain because of their poor security behaviour. One area with a vast amount of evidence related to poor behaviour is that of password management.

We have a pretty good idea of the extent to which this behaviour impacts on the individual user’s personal security. Unfortunately, we don’t know what the impact of this kind of behaviour by a number of organisational employees is, on a larger scale, nor do we know how best to intervene so as to improve the general security of an organisation as a whole. Current wisdom mandates the use of policies to curb insecure behaviours but it is clear that this approach has limited effectiveness. Unfortunately, no one really understands how the individual directives contained in the policies impact on the security of the eco-system. Sometimes directives have unexpected side-effects which are not easily anticipated.

It would be very difficult to answer this question in a real-life environment. I will describe a simulation engine which models an organisation with employee agents using a number of systems over an extended period. The simulation is tailorable, allowing tweaking of particular system-wide settings in order to implement policy dictats so as to determine their potential impact on the security of the organisation’s systems.

This tool supports security specialists developing policies within their organisations by quantifying the longitudinal impacts of particular rules.

School of Computing, Robert Gordon University, St Andrew Street, Aberdeen, Lecture Room C48, 14:15 – 15:15.

Additional information available in local news papers and online at
Aberdeen & Grampian Chamber of Commerce
SICSA Latest News

About Admin

School of Computing Science and Digital Media, Robert Gordon University, Aberdeen, Scotland
This entry was posted in Research Seminar. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s