Seeking Risks: Towards a Quantitative Risk Perception Measure

Abstract : Existing instruments for measuring risk perception have focused on an abstract version of the concept, without diving into the the details of what forms the perception of likelihood and impact. However, as information security risks become increasingly complex and difficult for users to understand, this approach may be less feasible. The average user may be able to imagine the worst case scenario should an asset be compromised by an attacker, but he has few means to determine the likelihood of this happening. In this paper we therefore propose a different approach to measuring risk perception. Based on well established concepts from formal risk analysis, we define an instrument to measure users’ risk perception that combines the strengths of both traditional risk perception and formal risk analysis. By being more explicit and specific concerning possible attackers, existing security measures and vulnerabilities, users will be more able to give meaningful answers to scale items, thereby providing a better and more explanatory measure of risk perception. As part of the instrument development we also elaborate on construct definitions, construct types and the relationship between these and the corresponding risk perception instrument. Although it remains to be verified empirically, the validity of the measure is discussed by linking it to well established theory and practice.
Type de document :
Communication dans un congrès
Alfredo Cuzzocrea; Christian Kittl; Dimitris E. Simos; Edgar Weippl; Lida Xu. 1st Cross-Domain Conference and Workshop on Availability, Reliability, and Security in Information Systems (CD-ARES), Sep 2013, Regensburg, Germany. Springer, Lecture Notes in Computer Science, LNCS-8127, pp.256-271, 2013, Availability, Reliability, and Security in Information Systems and HCI
Liste complète des métadonnées

Littérature citée [35 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01506790
Contributeur : Hal Ifip <>
Soumis le : mercredi 12 avril 2017 - 11:19:17
Dernière modification le : mercredi 12 avril 2017 - 13:43:39
Document(s) archivé(s) le : jeudi 13 juillet 2017 - 12:34:47

Fichier

978-3-642-40511-2_18_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

  • HAL Id : hal-01506790, version 1

Citation

Åsmund Nyre, Martin Jaatun. Seeking Risks: Towards a Quantitative Risk Perception Measure. Alfredo Cuzzocrea; Christian Kittl; Dimitris E. Simos; Edgar Weippl; Lida Xu. 1st Cross-Domain Conference and Workshop on Availability, Reliability, and Security in Information Systems (CD-ARES), Sep 2013, Regensburg, Germany. Springer, Lecture Notes in Computer Science, LNCS-8127, pp.256-271, 2013, Availability, Reliability, and Security in Information Systems and HCI. 〈hal-01506790〉

Partager

Métriques

Consultations de la notice

68

Téléchargements de fichiers

60