Show simple item record

dc.contributor.advisor: Snekkenes, Einar Arthur
dc.contributor.author: Szekeres, Adam
dc.date.accessioned: 2020-11-11T07:02:00Z
dc.date.available: 2020-11-11T07:02:00Z
dc.date.issued: 2020
dc.identifier.isbn: 978-82-326-5093-4
dc.identifier.issn: 2703-8084
dc.identifier.uri: https://hdl.handle.net/11250/2687237
dc.description.abstract: The electric grid represents a critical infrastructure which has an essential role in supporting societies. Therefore, it is important to identify, analyse and mitigate undesirable events that may disrupt the reliable operation of the grid. The traditional electric infrastructure is undergoing a radical transformation by the large-scale introduction of internet of things (IoT) technologies turning it into a Smart Grid (SG). Even though it is characterized by high levels of automation, people are responsible for the decisions that affect its development, operation and security. The importance of human decision-making is highlighted by the fact that the concept of security exists for a fundamental reason: stakeholder incentives can be misaligned i.e. there may exist a person who would benefit from causing a loss to another entity. While conscious attacks may take several forms and use various methods, they all require at least one motivated individual. On the other hand, there exists another class of affairs known as negative externalities which are not motivated by the explicit desire to do harm but represent undesirable side effects of conscious decisions to which another entity is exposed. The previously established Conflicting Incentives Risk Analysis (CIRA) method was built from game-theoretic and economic concepts to analyse risks due to misaligned incentives, in which the strength of human motivation plays a key role in characterizing risks. As the purpose of risk analysis is to make predictions about potential future events to guide resource allocations, CIRA relies on predictions about the behavior of key stakeholders in the future. The method’s real-world applicability depends on the accuracy with which strategic stakeholder decisions can be predicted. Therefore, there is a need for the reliable and valid assessment of human motivation underlying observable behaviour.
However, CIRA lacks a foundation in psychological theories which could enhance its practical utility. This thesis contributes to the literature of information security risk analysis by investigating the predictability of human behavior and by integrating a major motivational theory into CIRA’s existing framework. The work is guided by the Design Science Research (DSR) paradigm, which emphasizes that design artefacts and knowledge about their performance can be obtained by iterating through build-evaluate cycles. The behavior prediction problem is divided into two sub-problems using a person-situation (P-S) interactionist framework, which proposes that assessment of personal and situational attributes is necessary to enable improved predictions. When addressing the person side, this work assumes highly restricted environments with adversarial stakeholders who may be inaccessible for traditional psychological assessment methods and non-cooperative with an analyst, which requires the use of unobtrusive methods for inferring relevant motivational profile information about stakeholders. The thesis proposes and evaluates methods for constructing personal and situational profiles and evaluates the P-S framework to assess its practical feasibility by taking into account expected analyst performance. Furthermore, a model is proposed and evaluated which establishes a connection between CIRA and the Smart Grid infrastructure to facilitate a common understanding among stakeholders involved in the development and risk analysis of SG scenarios, and to improve risk communication. Limitations related to the specific artefacts and their implications for the general problem of human behavior prediction are identified and directions for further work are discussed with the goal of providing a better understanding about the connection between basic human motivations and the resulting risks which may pose a threat to the safety and security of societies. [en_US]
dc.language.iso: eng [en_US]
dc.publisher: NTNU [en_US]
dc.relation.ispartofseries: Doctoral theses at NTNU;2020:373
dc.relation.haspart: Paper 1: Szekeres, Adam; Snekkenes, Einar Arthur. Predicting CEO Misbehavior from Observables: Comparative Evaluation of Two Major Personality Models. In: E-Business and Telecommunications, 15th International Joint Conference, ICETE 2018, Porto, Portugal, July 26–28, 2018, Revised Selected Papers. Springer 2019 ISBN 978-3-030-34865-6. pp. 135-158 https://doi.org/10.1007/978-3-030-34866-3_7 [en_US]
dc.relation.haspart: Paper 2: Szekeres, Adam; Wasnik, Pankaj Shivdayal; Snekkenes, Einar Arthur. Using Demographic Features for the Prediction of Basic Human Values Underlying Stakeholder Motivation. In: Proceedings of the 21st International Conference on Enterprise Information Systems - (Volume 2). SciTePress 2019 ISBN 978-989-758-372-8. pp. 377-389 https://doi.org/10.5220/0007694203770389 (CC BY-NC-ND 4.0)
dc.relation.haspart: Paper 3: Szekeres, Adam; Snekkenes, Einar Arthur. Construction of Human Motivational Profiles by Observation for Risk Analysis. IEEE Access 2020; Volume 8. pp. 45096-45107 https://doi.org/10.1109/ACCESS.2020.2976633 (CC BY 4.0)
dc.relation.haspart: Paper 4: Szekeres, Adam; Snekkenes, Einar Arthur. A Taxonomy of Situations within the Context of Risk Analysis. In: Proceedings of the 25th Conference of Open Innovations Association FRUCT. Helsinki, Finland: FRUCT Oy 2019 ISBN 978-952-69244-0-3. pp. 306-316 https://doi.org/10.23919/FRUCT48121.2019.8981536 “© 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.”
dc.relation.haspart: Paper 5: Szekeres, Adam; Snekkenes, Einar Arthur. Prediction of threat and opportunity risks: evaluation of a psychological approach using attributes of persons and situations
dc.relation.haspart: Paper 6: Szekeres, Adam; Snekkenes, Einar Arthur. Representing decision-makers in SGAM-H: the Smart Grid Architecture Model Extended with the Human Layer. In: Graphical Models for Security - 7th International Workshop, GraMSec 2020, Revised Selected Paper. Springer 2020 ISBN 978-3-030-62229-9. pp. 87-110. Part of the Lecture Notes in Computer Science book series (LNCS, volume 12419) https://doi.org/10.1007/978-3-030-62230-5_5
dc.title: Human Motivation as the Basis of Information Security Risk Analysis [en_US]
dc.type: Doctoral thesis [en_US]
dc.subject.nsi: VDP::Technology: 500::Information and communication technology: 550 [en_US]

