Gaute Wangen
Ph.D. started in: 2013
Expected year of graduation: 2017
COINS consortium member: Norwegian University of Science and Technology
Supervised by: Einar Snekkenes
Research area: Security Management
Project title: Conflicting Incentives Risk Analysis
Project description: The Conflicting Incentives Risk Analysis (CIRA) deals with humans in information security. CIRA is a method that analyses risks based on stakeholder actions and incentives. Traditional approaches to humans in information security risk management (ISRM) generalize the human threat, e.g. as the "malicious insider" or the "hacker". This is a flawed approach because it does not adequately consider the human factors in information security. Another issue with traditional ISRM approaches is that they consider risk as a product of probability and impact. Without any historical data to determine probability, this approach is likely to provide incorrect results. People are generally not well calibrated to estimate risk. Risk is also twofold: there are both risks of loss and opportunities for reward. Traditional ISRM approaches fail to recognize the latter. CIRA is a new way of approaching risk that seeks to address the issues in traditional ISRM. It has the potential to improve the risk management process by adequately addressing human factors, and to further contribute to better security and efficiency in organizations.