Seeking Risks: Towards a Quantitative Risk Perception Measure - Availability, Reliability, and Security in Information Systems and HCI
Conference Papers Year : 2013

Seeking Risks: Towards a Quantitative Risk Perception Measure

Abstract

Existing instruments for measuring risk perception have focused on an abstract version of the concept, without diving into the the details of what forms the perception of likelihood and impact. However, as information security risks become increasingly complex and difficult for users to understand, this approach may be less feasible. The average user may be able to imagine the worst case scenario should an asset be compromised by an attacker, but he has few means to determine the likelihood of this happening. In this paper we therefore propose a different approach to measuring risk perception. Based on well established concepts from formal risk analysis, we define an instrument to measure users’ risk perception that combines the strengths of both traditional risk perception and formal risk analysis. By being more explicit and specific concerning possible attackers, existing security measures and vulnerabilities, users will be more able to give meaningful answers to scale items, thereby providing a better and more explanatory measure of risk perception. As part of the instrument development we also elaborate on construct definitions, construct types and the relationship between these and the corresponding risk perception instrument. Although it remains to be verified empirically, the validity of the measure is discussed by linking it to well established theory and practice.
Fichier principal
Vignette du fichier
978-3-642-40511-2_18_Chapter.pdf (250.98 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01506790 , version 1 (12-04-2017)

Licence

Identifiers

  • HAL Id : hal-01506790 , version 1

Cite

Åsmund Ahlmann Nyre, Martin Gilje Jaatun. Seeking Risks: Towards a Quantitative Risk Perception Measure. 1st Cross-Domain Conference and Workshop on Availability, Reliability, and Security in Information Systems (CD-ARES), Sep 2013, Regensburg, Germany. pp.256-271. ⟨hal-01506790⟩
90 View
957 Download

Share

More