Prioritizing computer security controls for home users

Justin Fanelli; John Waxler

doi:10.7287/peerj.preprints.27540v1

Prioritizing computer security controls for home users

1 Marymount University, ARLINGTON, VA, United States

2 School of Engineering and Applied Science, George Washington University, Washington, District of Columbia (DC), United States

DOI: 10.7287/peerj.preprints.27540v1

Published: 2019-02-15
Accepted: 2019-02-15

Subject Areas: Computer Education, Computer Networks and Communications, Security and Privacy
Keywords: Security Controls, Home Computing, Home cyber security, Security Prioritization, Multi Criteria Decision Making

Copyright: © 2019 Fanelli et al.
Licence: This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, reproduction and adaptation in any medium and for any purpose provided that it is properly attributed. For attribution, the original author(s), title, publication source (PeerJ Preprints) and either DOI or URL of the article must be cited.

Cite this article: Fanelli J, Waxler J. 2019. Prioritizing computer security controls for home users. PeerJ Preprints 7:e27540v1 https://doi.org/10.7287/peerj.preprints.27540v1

Abstract

Hundreds of thousands of home users are victimized by cyber-attacks every year. Most experts agree that average home users are not doing enough to protect their computers and their information from cyber-attacks. Improperly managed home computers can lead to individuals losing data, systems performing slowly, loss of identity, and ransom payments; en masse attacks can act in concert to infect personal computers in business and government. Currently, home users receive conflicting guidance for a complicated terrain, often in the form of anecdotal 'Top 10' lists, that is not appropriate for their specific needs, and in many instances, users ignore all guidance. Often, these popular ‘Top 10’ lists appear to be based solely on opinion. Ultimately, we asked ourselves the following: how can we provide home users with better guidance for determining and applying appropriate security controls that meet their needs and can be verified by the cyber security community? In this paper, we propose a methodology for determining and prioritizing the most appropriate security controls for home computing. Using Multi Criteria Decision Making (MCDM) and subject matter expertise, we identify, analyze and prioritize security controls used by government and industry to determine which controls can substantively improve home computing security. We apply our methodology using examples to demonstrate its benefits.