
Authors: Henrik Karlzen; Johan Bengtsson and Jonas Hallberg

Affiliation: Swedish Defence Research Agency, Sweden

Keyword(s): Information Security, Risk Assessments, Threat Descriptions, Risk Perception, Structure.

Abstract: Assessing information security risks has proven difficult, with prevalent methods lacking clarity and resulting in assessments that vary with the rater. In this paper, we use a questionnaire-based approach to investigate whether a more structured method, partitioning threat descriptions into smaller parts, can be useful. Although the new method did not result in less cognitive load, lower uncertainty, or overall reduced rater-dependency, there were strong indications that it lowered rater-dependency among raters with the highest expertise, reaching the consensus levels of experts in the intrusion detection domain. Conversely, non-experts seem to perform better with the traditional descriptive method. Caution is needed when interpreting this, as the Dunning-Kruger effect may have skewed the self-reporting of expertise. Further, the less certain raters were more prone to rate severity lower, indicating the missing variable of risk aversion. Moreover, other kinds of bias are discussed, and further structuring is proposed.

CC BY-NC-ND 4.0


Paper citation in several formats:
Karlzen, H.; Bengtsson, J. and Hallberg, J. (2018). A Test of Structured Threat Descriptions for Information Security Risk Assessments. In Proceedings of the 4th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-282-0; ISSN 2184-4356, SciTePress, pages 469-476. DOI: 10.5220/0006719604690476

@conference{icissp18,
author={Henrik Karlzen and Johan Bengtsson and Jonas Hallberg},
title={A Test of Structured Threat Descriptions for Information Security Risk Assessments},
booktitle={Proceedings of the 4th International Conference on Information Systems Security and Privacy - ICISSP},
year={2018},
pages={469-476},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006719604690476},
isbn={978-989-758-282-0},
issn={2184-4356},
}

TY - CONF
JO - Proceedings of the 4th International Conference on Information Systems Security and Privacy - ICISSP
TI - A Test of Structured Threat Descriptions for Information Security Risk Assessments
SN - 978-989-758-282-0
IS - 2184-4356
AU - Karlzen, H.
AU - Bengtsson, J.
AU - Hallberg, J.
PY - 2018
SP - 469
EP - 476
DO - 10.5220/0006719604690476
PB - SciTePress