CTIT University of Twente

Roeland Kegel

The Personal Information Security Assistant

Description of research


The growing dependence of society on ICT has increased information security risks. We attempt to reduce these risks by focusing on end-users. First, they are the weakest link, as they lack the resources and expertise that enterprises have. By strengthening them we remove a large vulnerability in society. Second, they are early adopters of technology and drive change bottom-up.

Our approach is to help end-users perform risk management. This is an iterative process of defining goals, examining the threats against them, deciding how to act on them, and actually implementing these actions. Risk management is commonplace in enterprises, with demonstrated effectiveness, but it is too complex for end-users. We will simplify it, creating a lightweight risk management process that is usable by end-users. For this we will:


develop a simple but expressive risk ontology to represent risks. We will also develop a repository of end-user risks, and design a secure tool that can answer questions about the end-users’ risks (for example, those of online social networks) and suggest actions to reduce these, together with their cost. We will perform experiments with prototypes on test subjects, to test the prototypes’ usability, persuasiveness and effectiveness in reducing risks. Finally, we will use the knowledge gained in these experiments to create one end-user risk management method that can be standardized.


Prof.dr. R.J. Wieringa


November 2013 - November 2017


Personal Information Security Assistant
