Open AccessInformation Security Risk Assessment of Smartphones Using Bayesian Networks
Author(s) -
Kristian Herland,
Heikki Hämmáinen,
Pekka Kekolahti
Publication year - 2015
Publication title -
journal of cyber security and mobility
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.198
H-Index - 9
eISSN - 2245-4578
pISSN - 2245-1439
DOI - 10.13052/2245-1439.424
Subject(s) - bayesian network , eavesdropping , computer science , construct (python library) , risk assessment , information security , computer security , process (computing) , bayesian probability , risk analysis (engineering) , business , machine learning , artificial intelligence , programming language , operating system
This study comprises an information security risk assessment of smartphone use in Finland using Bayesian networks. The primary research method is a knowledge-based approach to build a causal Bayesian network model of information security risks and consequences. The risks, consequences, probabilities and impacts are identified from domain experts in a 2-stage interview process with 8 experts as well as from existing research and statistics. This information is then used to construct a Bayesian network model which lends itself to different use cases such as sensitivity and scenario analysis. The identified risks’probabilities follow a long tail wherein the most probable risks include unintentional data disclosure, failures of device or network, shoulder surfing or eavesdropping and loss or theft of device. Experts believe that almost 50% of users share more information to other parties through their smartphones than they acknowledge or would be willing to share. This study contains several implications for consumers as well as indicates a clear need for increasing security awareness among smartphone users.