The effect of decentralized behavioral decision making on system-level risk

If you have a question about this talk, please contact Laurent Simon.

Abstract: Certain classes of system-level risk depend partly on decentralized lay decision making. For instance, an organization’s network security risk depends partly on its employees’ responses to phishing attacks. On a larger scale, the risk within a financial system depends partly on households’ responses to mortgage sales pitches. Behavioral economics shows that lay decision makers typically depart in systematic ways from the normative rationality of Expected Utility (EU), and instead display heuristics and biases as captured in the more descriptively accurate Cumulative Prospect Theory (CPT). In turn psychological studies show that successful deception ploys eschew direct logical argumentation and instead employ peripheral-route persuasion, manipulation of visceral emotions, urgency, and familiar contextual cues. Signal Detection Theory (SDT) offers the standard normative solution, formulated as an optimal cutoff threshold, for distinguishing between good/bad emails or mortgages. In this paper we extend SDT behaviorally by re-deriving the optimal cutoff threshold under CPT. Furthermore we incorporate the psychology of deception into determination of SDT’s discriminability parameter. With the neo-additive probability weighting function, the optimal cutoff threshold under CPT is rendered unique under well-behaved sampling distributions, tractable in computation, and transparent in interpretation. The CPT-based cutoff threshold is (i) independent of loss aversion and (ii) more conservative than the classical SDT cutoff threshold. Independently of any possible misalignment between individual-level and system-level misclassification costs, decentralized behavioral decision makers are biased toward under-detection, and system-level risk is consequently greater than in analyses assuming normative rationality.

Bio: Kim’s research issues from a core interest in decision making under risk and uncertainty. He works with both normative and descriptive behavioural mathematical models as well as the associated empirical models, and he designs and implements laboratory experiments for testing normative and behavioural hypotheses. Kim’s recent projects have addressed questions in the areas of cyber security and financial decision making. Kim is Director of the recently established Lancaster Experimental Economics Laboratory (LExEL) and a member of the LUMS Research Ethics Committee.

This talk is part of the Computer Laboratory Security Seminar series.


© 2006-2014, University of Cambridge.