Description of research
The growing dependence of society on ICT has increased information security risks. We aim to reduce these risks by focusing on end-users. First, they are the weakest link, as they lack the resources and expertise that enterprises have. By strengthening them we remove a large vulnerability in society. Second, they are early adopters of technology and drive change bottom-up.
Our approach is to help end-users perform risk management. This is an iterative process of defining goals, examining the threats against them, deciding how to act on them, and actually implementing these actions. Risk management is commonplace in enterprises, with demonstrated effectiveness, but it is too complex for end-users. We will simplify it, creating a lightweight risk management process that is usable by end-users. For this we will:
- develop a simple but expressive risk ontology to represent risks;
- develop a repository of end-user risks;
- design a secure tool that can answer questions about the end-users’ risks (for example of online social networks) and suggest actions to reduce these together with their cost;
- perform experiments with prototypes on test subjects, to test the prototypes’ usability, persuasiveness and effectiveness in reducing risks; and finally
- use the knowledge gained in these experiments to create one end-user risk management method that can be standardized.
Prof.dr. R.J. Wieringa
November 2013 - November 2017
Personal Information Security Assistant