Australian Information Security Management Conference

Document Type

Conference Proceeding


SRI Security Research Institute, Edith Cowan University, Perth, Western Australia


10th Australian Information Security Management Conference, Novotel Langley Hotel, Perth, Western Australia, 3rd-5th December, 2012


The advancement of the Internet has provided access to a wide variety of online services such as banking, e-commerce, social networking and entertainment. The wide availability and popularity of the Internet has also led to the rise in risks and threats to users, as criminals have taken an increasingly active role in abusing innocent users. Current risk analysis tools, techniques and methods available do not cater for home users but are tailored for large organisations. The tools require expertise to use them and they are expensive to purchase. What is available for home users are generic information portals that provide a whole-host of awareness raising information, much of which will have varying degrees of usefulness depending upon the particular individual, their technology usage and prior knowledge. As such a tool is required that can bridge the gap between bespoke risk assessment approaches that provide tailored information and broad-spectrum approaches that simply provide all information regardless of its relevance. The paper proposes a web-based risk analysis tool for home users that is simple to use, requires no prior knowledge or expertise of security and can provide bespoke and tailored guidance on improving a users security posture. The tool follows a simple step procedure for gathering key asset and behavioural information to inform the risk profiling process. A prototype was developed and evaluated by a sample of home users and 93% of the participants found the tool to be helpful and very informative.