Skoči na glavni sadržaj

Izvorni znanstveni članak

https://doi.org/10.17559/TV-20150513123751

Evidential Reasoning Approach to Behavioural Analysis of ICT Users’ Security Awareness

Tomislav Galba ; Faculty of Electrical Engineering, Computer Science and Information Technology Osijek, J. J. Strossmayer University of Osijek, Kneza Trpimira 2b, 31000 Osijek, Croatia
Kresimir Solic ; Faculty of Medicine, J. J. Strossmayer University of Osijek, Cara Hadrijana 10/E, 31000 Osijek, Croatia
Kresimir Nenadic ; Faculty of Electrical Engineering, Computer Science and Information Technology Osijek, J. J. Strossmayer University of Osijek, Kneza Trpimira 2b, 31000 Osijek, Croatia


Puni tekst: engleski pdf 409 Kb

str. 309-315

preuzimanja: 975

citiraj


Sažetak

The role of ICT system’s user should be taken into consideration when developing different information security solutions because user, as its constitutive element, can significantly affect overall system security with his/her potentially risky behaviour depending on the level of user’s security awareness. In this paper authors propose risk assessment approach of ICT users’ behaviour based on the evidential reasoning technique. Performance testing was compared using combination of cluster analysis and discriminant analysis while empirical analysis was conducted on the total of 627 e-mail users grouped regarding gender, age, technical background knowledge and level of experience. Assessment methodology used in this paper has proven to be well suited for evaluation of users’ awareness and identification of their potentially risky behaviour. Results of empirical analysis showed that all groups of users got overall utility grade higher than the simulated "minimally enough aware" user, but less than “average awareness” grade. As users of all groups are highly critical towards collocutor, it can mean that users are quite aware about the importance of information security foundation, but also about lack of knowledge regarding different security issues. Another possible reason may be the users’ negligence toward security guidelines and protocols.

Ključne riječi

behavioural analysis; cluster analysis; evidential reasoning approach; information security; users’ awareness

Hrčak ID:

199124

URI

https://hrcak.srce.hr/199124

Datum izdavanja:

21.4.2018.

Posjeta: 2.204 *