Abstract

The user of an Information and Communication Technology system should be considered a component of that system, because the user's behaviour can significantly affect the system's security level. The aim of this paper is to develop an assessment method for the user's potentially risky behaviour. An ontology and the OWL symbolic language have been chosen to define the semantic model and to formalize the knowledge of the domain "user's potentially risky behaviour". The Evidential Reasoning algorithm has been chosen for the assessment of the user's behaviour. The normalized assessment results give an interval ranging from 0,066 for the "naive" user to 1,000 for the "paranoid" user of the system, which can be used for reference in future work. This paper shows how to use the Evidential Reasoning algorithm to evaluate the human part of a technical system and how to evaluate a group of users instead of an individual. Furthermore, the conditions required to map the algorithm to the ontological structure are defined.

  • Publication date: 2013-4