Web-Based Risk Analysis for Home Users
Magaya RT, Clarke NL
The advancement of the Internet has seen more home users becoming connected to superfast broadband. It has also provided access to a wide variety of online services such as banking, e-commerce, social networking and entertainment. The wide availability and popularity of the Internet has also led to the rise in risks and threats to users, as criminals have taken an increasingly active role in abusing innocent users, giving rise to attacks such as unauthorised access, malware attacks, denial of service attacks and identity theft.
Current risk analysis tools, techniques and methods do not fully cater for home users but are tailored for large organisations. The tools require expertise to use, are expensive to purchase, or simply provide general awareness information. As such, a tool is required that can bridge the gap between bespoke risk assessment approaches that provide bespoke information and broad-spectrum approaches that simply provide all information regardless of its relevance.
The paper proposes a web-based risk analysis tool for home users that is based on well-accepted standards (such as the ISO 27002, NIST SP800 and SANS 20 Critical Security Controls guidelines). The tool assists the user in performing risk analysis in an extremely user-friendly fashion, without requiring any prior knowledge, and provides tailored information indicating any controls missing, along with guidance on how to implement the recommended tools. In addition, the tool will also educate the user by providing information about safe user behaviour. A prototype was developed and evaluated by a sample of home users. 93% of the participants found the tool to be easy to use, helpful and very informative.