Publication details

Home Publications Publication details

Web-Based Risk Analysis and Education for Home Users
Marston J, Clarke NL
Proceedings of the 6th Annual Security Conference, Las Vegas, USA, April 11-12, CD Proceedings (ISBN: 0-9772107-5-8), 2007
Download links:  Download PDF

Broadband Internet access is now widely available to home users, providing better data transfer rates than dial-up Internet access. However this improvement in technology comes at a price with home users at an increased risk of unauthorised access to their resources and information as a result of the ‘always on’ nature of Broadband. These new risks mean that there is a need for home users to undertake a risk analysis of their system in order to ensure effective protection is being provided, given the assets they own. Unfortunately to date, current risk analysis tools have been focussed from an organisational perspective where an expectation exists for prior knowledge of information security and risk analysis. Therefore, a requirement exists for a risk analysis tool specifically tailored for home users.

The tool proposed in this paper is designed around the ISO17799 standard in order to provide a solid foundation, yet only takes advantage of key sections within the standard that are relevant to home user environments. The tool carefully considers the unique circumstances home users present, with varying degrees of security education and knowledge. To this end, the tool is carefully crafted to present a series of questions to the user with varying degrees of additional support and information as and where required. The output of the risk analysis process is a simple easy to understand webpage with links to appropriate sources for additional information and security controls.

Marston J, Clarke NL