Addressing consumerization of IT risks with nudging

Bibliographic details
Main author: Yevseyeva, Iryna
Publication date: 2022
Other authors: Turland, James, Morisset, Charles, Coventry, Lynne, Groß, Thomas, Laing, Christopher, Moorsel, Aad van
Document type: Article
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Full text: https://doi.org/10.12821/ijispm030301
Abstract: In this work we address the main issues of Information Technology (IT) consumerization that are related to security risks, and vulnerabilities of devices used within Bring Your Own Device (BYOD) strategy in particular. We propose a ‘soft’ mitigation strategy for user actions based on nudging, widely applied to health and social behavior influence. In particular, we propose a complementary, less strict, more flexible Information Security policies, based on risk assessment of device vulnerabilities and threats to corporate data and devices, combined with a strategy of influencing security behavior by nudging. We argue that nudging, by taking into account the context of the decision-making environment, and the fact that the employee may be in better position to make a more appropriate decision, may be more suitable than strict policies in situations of uncertainty of security-related decisions. Several examples of nudging are considered for different tested and potential scenarios in security context.
Keywords: consumerization, security, risks, mitigation strategies, nudging
Date: 2022-02-08
Type: article (published version)
Format: application/pdf
Rights: open access
Publisher: UMinho Editora
Source: International Journal of Information Systems and Project Management; Vol. 3 No. 3 (2015); 5-22; 2182-7788
Related: https://revistas.uminho.pt/index.php/ijispm/article/view/3893, https://revistas.uminho.pt/index.php/ijispm/article/view/3893/3949