CTIT University of Twente

Roeland Kegel

Description of research
Society's growing dependence on ICT has increased information security risks. We aim to reduce these risks by focusing on end-users. First, they are the weakest link, as they lack the resources and expertise that enterprises have. By strengthening them we remove a large vulnerability in society. Second, they are early adopters of technology and drive change bottom-up.

Our approach is to help end-users perform risk management. This is an iterative process of defining goals, examining the threats against them, deciding how to act on them, and actually implementing these actions. Risk management is commonplace in enterprises, with demonstrated effectiveness, but it is too complex for end-users. We will simplify it, creating a lightweight risk management process that is usable by end-users. For this we will:

  • develop a simple but expressive risk ontology to represent risks;
  • develop a repository of end-user risks;
  • design a secure tool that can answer questions about the end-users’ risks (for example, of online social networks) and suggest actions to reduce them, together with their cost;
  • perform experiments with prototypes on test subjects, to test the prototypes’ usability, persuasiveness and effectiveness in reducing risks; and finally
  • use the knowledge gained in these experiments to create one end-user risk management method that can be standardized.

Prof.dr. R.J. Wieringa

November 2013 - November 2017

Personal Information Security Assistant

Funding institution

Links to relevant web pages: