CTIT University of Twente
Research Business & Innovation About CTIT Research Calls Looking for a job? Intranet

PISA

Personal Information Security Assistant

Project Number:

Project Manager: Prof. dr. R.J Wieringa

Faculty of Electrical Engineering, Mathematics and Computer Science

Tel.: +31-53-4894189

Email: r.j.wieringa@utwente.nl

Project website:

Summary

The growing dependence of society on ICT has increased information security risks. We attempt to improve this by focusing on end‐users. First, they are the weakest link, as they lack resources and expertise that enterprises have. By strengthening them we remove a large vulnerability in society. Second, they are early adopters of technology and drive change bottom‐up.

Our approach is to help end‐users perform risk‐management. This 
is an iterative process of defining goals, examining the threats
against them, deciding how to act on them, and actually
implementing these actions. Risk management is commonplace in
enterprises, with demonstrated effectiveness, but it is too
complex for end‐users. We will simplify it, creating a lightweight risk management process that is usable by end‐users. For this we will (1) develop a simple but expressive risk ontology to represent risks. We will also (2) develop a repository of end‐user risks, and (3) design a secure tool that can answer questions about the end‐users’ risks (for example of online social networks) and suggest actions to reduce these together with their cost. We will (4) perform experiments with prototypes on test subjects, to test prototypes’ usability, persuasiveness and effectiveness in reducing risks. Finally we will (5) use the knowledge gained in these experiments to create one end‐user risk management method that can be standardized.

Project duration: 2013-2017

Project Coordinator: University of Twente

Participants: University of Twente, KPN, XS4ALL

Project budget: 333 k-€ / 282 k-€ funding

Involved groups: Information Systems (IS), Distributed and Embedded Security (DIES)