Ph.D. started in: 2013
Year of graduation: 2017
COINS consortium member: Norwegian University of Science and Technology
Supervised by: Einar Snekkenes
Research area: Security Management
Project title: Conflicting Incentives Risk Analysis
Project description: The Conflicting Incentives Risk Analysis (CIRA) deals with humans in information security. CIRA is a method that analyses risks based on stakeholder actions and incentives.
Traditional approaches to humans in information security risk management (ISRM) generalize the human threat, e.g. as the “malicious insider” or the “hacker”. This is a flawed approach because it does not adequately consider the human factors in information security.
Another issue with traditional ISRM approaches, is that they consider risk as a product of probability and impact. Without any historical data to determine probability, this approach is likely provide incorrect results. People are generally not well calibrated to estimate risk.
Risk is also twofold; there are both risk of losses and opportunities of rewards. Traditional ISRM approaches fails to recognize the latter.
CIRA is a new way of approaching risk that seeks to address the issues in the traditional ISRM. It has the potential of improving the risk management process by adequately addressing human factors, and further contributing to better security and efficiency in organizations.
- Vasileios Gkioulos, Gaute Wangen, Sokratis Katsikas (2017). User Modeling Validation Over the Security Awareness of Digital Natives
- Vasileios Gkioulos, Gaute Wangen, Sokratis Katsikas, George Kavallieratos, Panayiotis Kotzanikolaou (2017). Security Awareness of the Digital Natives
- Gaute Wangen (2017). Cyber Security Risk Assessment Practices: Core Unified Risk Framework
- Gaute Wangen (2017). Information Security Risk Assessment: A Method Comparison
- Gaute Wangen, Niclas Hellesen, Erlend Brækken, Henrik Torres (2017). An Empirical Study of Root-Cause Analysis in Information Security Management
- Gaute Wangen (2016). An initial insight into Information Security Risk Assessment practices
- Gaute Wangen, Andrii Shalaginov (2016). Quantitative Risk, Statistical Methods and the Four Quadrants for Information Security
- Gaute Wangen, Andrii Shalaginov, Christoffer V Hallstensen (2016). Cyber security risk assessment of a DDoS attack
- Gaute Wangen (2015). An Initial Insight Into InfoSec Risk Management Practices
- Gaute Wangen (2015). Conflicting Incentives Risk Analysis: A Case Study of the Normative Peer Review Process
- Gaute Wangen (2015). The role of malware in reported cyber espionage: A review of the impact and mechanism
- Gaute Wangen, Einar Snekkenes (2014). A Comparison between Business Process Management and Information Security Management
- Gaute Wangen, Einar Snekkenes (2013). A Taxonomy of Challenges in Information Security Risk Management
- IMT6004 COINS Workshop (NTNU), 1 ECTS, 2014
- FRISC Finse winter school, Finse, Norway, 2014
- COINS Ph.D. student seminar, Tromsø, Norway, 2014
- COINS Ph.D. student seminar, Stavanger, Norway, 2013
- NISK, Stavanger, Norway, 2013