Seeking Risks: Towards a Quantitative Risk Perception Measure

Abstract : Existing instruments for measuring risk perception have focused on an abstract version of the concept, without diving into the the details of what forms the perception of likelihood and impact. However, as information security risks become increasingly complex and difficult for users to understand, this approach may be less feasible. The average user may be able to imagine the worst case scenario should an asset be compromised by an attacker, but he has few means to determine the likelihood of this happening. In this paper we therefore propose a different approach to measuring risk perception. Based on well established concepts from formal risk analysis, we define an instrument to measure users’ risk perception that combines the strengths of both traditional risk perception and formal risk analysis. By being more explicit and specific concerning possible attackers, existing security measures and vulnerabilities, users will be more able to give meaningful answers to scale items, thereby providing a better and more explanatory measure of risk perception. As part of the instrument development we also elaborate on construct definitions, construct types and the relationship between these and the corresponding risk perception instrument. Although it remains to be verified empirically, the validity of the measure is discussed by linking it to well established theory and practice.
Document type :
Conference papers
Complete list of metadatas

Cited literature [35 references]  Display  Hide  Download

https://hal.inria.fr/hal-01506790
Contributor : Hal Ifip <>
Submitted on : Wednesday, April 12, 2017 - 11:19:17 AM
Last modification on : Wednesday, April 12, 2017 - 1:43:39 PM
Long-term archiving on: Thursday, July 13, 2017 - 12:34:47 PM

File

978-3-642-40511-2_18_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

  • HAL Id : hal-01506790, version 1

Citation

Åsmund Nyre, Martin Jaatun. Seeking Risks: Towards a Quantitative Risk Perception Measure. 1st Cross-Domain Conference and Workshop on Availability, Reliability, and Security in Information Systems (CD-ARES), Sep 2013, Regensburg, Germany. pp.256-271. ⟨hal-01506790⟩

Share

Metrics

Record views

106

Files downloads

457