Personal Information Security Assistant
Project Manager: Prof. dr. R.J. Wieringa
Faculty of Electrical Engineering, Mathematics and Computer Science
The growing dependence of society on ICT has increased information security risks. We attempt to reduce these risks by focusing on end‐users. First, they are the weakest link, as they lack the resources and expertise that enterprises have. By strengthening them we remove a large vulnerability in society. Second, they are early adopters of technology and drive change bottom‐up.
Our approach is to help end‐users perform risk management. This is an iterative process of defining goals, examining the threats against them, deciding how to act on them, and actually implementing these actions. Risk management is commonplace in enterprises, with demonstrated effectiveness, but it is too complex for end‐users. We will simplify it, creating a lightweight risk management process that is usable by end‐users. For this we will (1) develop a simple but expressive risk ontology to represent risks. We will also (2) develop a repository of end‐user risks, and (3) design a secure tool that can answer questions about the end‐users’ risks (for example, those of online social networks) and suggest actions to reduce them, together with their cost. We will (4) perform experiments with prototypes on test subjects, to test the prototypes’ usability, persuasiveness and effectiveness in reducing risks. Finally, we will (5) use the knowledge gained in these experiments to create one end‐user risk management method that can be standardized.
Project duration: 2013-2017
Project Coordinator: University of Twente
Participants: University of Twente, KPN, XS4ALL
Project budget: 333 k-€ / 282 k-€ funding
Involved groups: Information Systems (IS), Distributed and Embedded Security (DIES)