Information security risk communication: A user-centric approach

Document Type

Conference Proceeding

Publication Title

2019 IEEE/ACS 16th International Conference on Computer Systems and Applications (AICCSA)

Publisher

IEEE Computer Society

School

ECU Security Research Institute

RAS ID

45098

Comments

Alohali, M., Clarke, N., & Furnell, S. (2019, November). Information security risk communication: A user-centric approach. In 2019 IEEE/ACS 16th International Conference on Computer Systems and Applications (AICCSA). IEEE. https://doi.org/10.1109/AICCSA47632.2019.9035361

Abstract

Users have difficulties in understanding and reacting to security-related threats. Moreover, users only try to protect themselves from risks salient to them. In contrast to the traditional one-message/one-size-fits-all approach when communicating risks, this paper aims to propose an individualized and persuasive approach to information security risk communication that goes beyond alerting the user of his insecure behavior to providing a level of security education. By focusing on the user and that different users react differently to the same stimuli, the authors proposed a targeted user-centric approach that communicates risks in a timely and continuous manner using a proposed gradual response mechanism. This user-centric approach is anticipated to help the user in making security-related decisions by educating him about his risk taking behavior in an individualized way. A scenario is assumed to demonstrate how a response decision is made within the proposed approach. This was useful in demonstrating how risk is not the same for all users and how the proposed approach is effective in adapting to differences between users offering a novel approach to communicating information security risks. © 2019 IEEE.

DOI

10.1109/AICCSA47632.2019.9035361

Access Rights

subscription content
