The Design and Evaluation of a User-Centric Information Security Risk Assessment and Response Framework
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2018, Vol 9, Issue 10
Abstract
The risk of sensitive information disclosure and modification through the use of online services has increased considerably and may result in significant damage. As the management and assessment of such risks is a well-known discipline for organizations, it is a challenge for users from the general public. Users have difficulties in using, understanding and reacting to security-related threats. Moreover, users only try to protect themselves from risks salient to them. Motivated by the lack of risk assessment solutions and limited impact of awareness programs tailored for users of the general public, this paper aims to develop a structured approach to help in protecting users from threats and vulnerabilities and, thus, reducing the overall information security risks. By focusing on the user and that different users react differently to the same stimuli, the authors developed a user-centric risk assessment and response framework that assesses and communicates risk on both user and system level in an individualized, timely and continuous way. Three risk assessment models were proposed that depend on user-centric and behavior-related factors when calculating risk. This framework was evaluated using a scenario-based simulation of a number of users and results analyzed. The analysis demonstrated the effectiveness and feasibility of the proposed approach. Encouragingly, this analysis provided an indication that risk can be assessed differently for the same behavior based upon a number of user-centric and behavioral-related factors resulting in an individualized granular risk score/level. This granular risk assessment, provided a more insightful evaluation of both risk and response. The analysis of results was also useful in demonstrating how risk is not the same for all users and how the proposed model is effective in adapting to differences between users offering a novel approach to assessing information security risks.
Authors and Affiliations
Manal Alohali, Nathan Clarke, Steven Furnell
Keywords
Related Articles
- EP ID EP407463
- DOI 10.14569/IJACSA.2018.091018
- Views 82
- Downloads 0
Fast and Efficient In-Memory Big Data Processing
With the passage of time, the data is growing exponentially and the mostly endured areas are social media networks, media hosting applications, and servers. They have thousands of Tera-bytes of data and the efficient sys...
Benefits Management of Cloud Computing Investments
This paper examines investments in cloud computing using the Benefits Management approach. The major contribution of the paper is to provide a unique insight into how organizations derive value from cloud computing inves...
Machine Learning for Bioclimatic Modelling
Many machine learning (ML) approaches are widely used to generate bioclimatic models for prediction of geographic range of organism as a function of climate. Applications such as prediction of range shift in organism, ra...
A Study on the Effect of Learning Strategy using a Highlighter Pen on Gaze Movement
In this study, we propose a learning strategy using a highlighter pen to improve the learning efficiency of learners. This method makes the important information stand out by colouring text. It is known that highlighting...
A Minimum Number of Features with Full-Accuracy Iris Recognition
A minimum number of features for 100% iris recognition accuracy is developed in this paper. Such number is based on dividing the unwrapped iris into vertical and horizontal segments for a single iris and only vertical se...