This study comprises an information security risk assessment of smartphone use in Finland using Bayesian networks. The primary research method is a knowledge-based approach to build a causal Bayesian network model of information security risks and consequences. The risks, consequences, probabilities and impacts are identified from domain experts in a 2-stage interview process with 8 experts as well as from existing research and statistics. This information is then used to construct a Bayesian network model which lends itself to different use cases such as sensitivity and scenario analysis. The identified risks’probabilities follow a long tail wherein the most probable risks include unintentional data disclosure, failures of device or network, shoulder surfing or eavesdropping and loss or theft of device. Experts believe that almost 50% of users share more information to other parties through their smartphones than they acknowledge or would be willing to share. This study contains several implications for consumers as well as indicates a clear need for increasing security awareness among smartphone users.
INFORMATION SECURITY RISK ASSESSMENT UNDER UNCERTAINTY USING DYNAMIC BAYESIAN NETWORKS
