Using Risk Analysis to Assess User Trust

A Net-Bank Scenario

  • Conference paper
Trust Management (iTrust 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2995)

Abstract

The paper advocates asset-oriented risk analysis as a means to help defend user trust. The paper focuses on a net-bank scenario, and addresses the issue of analysing trust from the perspective of the bank. The proposed approach defines user trust as an asset and makes use of asset-oriented risk analysis to identify threats, vulnerabilities and unwanted incidents that may reduce user trust.

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Brændeland, G., Stølen, K. (2004). Using Risk Analysis to Assess User Trust. In: Jensen, C., Poslad, S., Dimitrakos, T. (eds) Trust Management. iTrust 2004. Lecture Notes in Computer Science, vol 2995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24747-0_12

  • DOI: https://doi.org/10.1007/978-3-540-24747-0_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-21312-3

  • Online ISBN: 978-3-540-24747-0

  • eBook Packages: Springer Book Archive
