The Design and Evaluation of a User-Centric Information Security Risk Assessment and Response Framework
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2018, Vol 9, Issue 10
Abstract
The risk of sensitive information disclosure and modification through the use of online services has increased considerably and may result in significant damage. As the management and assessment of such risks is a well-known discipline for organizations, it is a challenge for users from the general public. Users have difficulties in using, understanding and reacting to security-related threats. Moreover, users only try to protect themselves from risks salient to them. Motivated by the lack of risk assessment solutions and limited impact of awareness programs tailored for users of the general public, this paper aims to develop a structured approach to help in protecting users from threats and vulnerabilities and, thus, reducing the overall information security risks. By focusing on the user and that different users react differently to the same stimuli, the authors developed a user-centric risk assessment and response framework that assesses and communicates risk on both user and system level in an individualized, timely and continuous way. Three risk assessment models were proposed that depend on user-centric and behavior-related factors when calculating risk. This framework was evaluated using a scenario-based simulation of a number of users and results analyzed. The analysis demonstrated the effectiveness and feasibility of the proposed approach. Encouragingly, this analysis provided an indication that risk can be assessed differently for the same behavior based upon a number of user-centric and behavioral-related factors resulting in an individualized granular risk score/level. This granular risk assessment, provided a more insightful evaluation of both risk and response. The analysis of results was also useful in demonstrating how risk is not the same for all users and how the proposed model is effective in adapting to differences between users offering a novel approach to assessing information security risks.
Authors and Affiliations
Manal Alohali, Nathan Clarke, Steven Furnell
Keywords
Related Articles
- EP ID EP407463
- DOI 10.14569/IJACSA.2018.091018
- Views 74
- Downloads 0
Similarity Calculation Method of Chinese Short Text Based on Semantic Feature Space
In order to improve the accuracy of short text similarity calculation, this paper presents the idea that use the history of short text messages to construct semantic feature space, then use the vector in semantic feature...
Impact of Elliptical Holes Filled with Ethanol on Confinement Loss and Dispersion in Photonic Crystal Fibers
To get a confinement loss value, the weakest possible We have interest to optimize an optical fiber our structure has a cladding which is formed by holes in silica. The geometry of the holes is special because they have...
A Multi-Label Classification Approach Based on Correlations Among Labels
Multi label classification is concerned with learning from a set of instances that are associated with a set of labels, that is, an instance could be associated with multiple labels at the same time. This task occurs fre...
Analysis of End-to-End Packet Delay for Internet of Things in Wireless Communications
Accurate and efficient estimators for End to End delay (E2EPD) plays a significant and critical role in Quality of Service (QoS) provisioning in Internet of Things (IoT) wireless communications. The purpose of this paper...
N-ary Relations of Association in Class Diagrams: Design Patterns
Most of the technology of object-oriented development relies on the use of UML diagrams, in particular, class diagrams. CASE tools, used for automation of object-oriented development, often do not support n-ary associati...