Abstract
The paper advocates asset-oriented risk analysis as a means to help defend user trust. The paper focuses on a net-bank scenario, and addresses the issue of analysing trust from the perspective of the bank. The proposed approach defines user trust as an asset and makes use of asset-oriented risk analysis to identify threats, vulnerabilities and unwanted incidents that may reduce user trust.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Brændeland, G., Stølen, K. (2004). Using Risk Analysis to Assess User Trust. In: Jensen, C., Poslad, S., Dimitrakos, T. (eds) Trust Management. iTrust 2004. Lecture Notes in Computer Science, vol 2995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24747-0_12
DOI: https://doi.org/10.1007/978-3-540-24747-0_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21312-3
Online ISBN: 978-3-540-24747-0
eBook Packages: Springer Book Archive