Internet users face a variety of risks as they conduct their business on-line, but they are often ill-equipped to recognize the risks and deal with them effectively. As a result, many users take the approach of limiting their on-line activities so as to reduce their exposure. This paper describes a risk management approach to building confidence and trust for Internet users. The underlying philosophy is not to make the Internet inherently safer, but to help users build an awareness of the risks they might encounter and to supply them with timely guidance. We also report on experience with a prototype system built to evaluate some of these ideas.
New Security Paradigms Workshop (NSPW) 2004 [Proceedings].