Addressing consumerization of IT risks with nudging
Main author: | Yevseyeva, Iryna |
---|---|
Publication date: | 2022 |
Other authors: | Turland, James; Morisset, Charles; Coventry, Lynne; Groß, Thomas; Laing, Christopher; Moorsel, Aad van |
Document type: | Article |
Language: | eng |
Source title: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Full text: | https://doi.org/10.12821/ijispm030301 |
Abstract: | In this work we address the main issues of Information Technology (IT) consumerization that are related to security risks, and vulnerabilities of devices used within Bring Your Own Device (BYOD) strategy in particular. We propose a ‘soft’ mitigation strategy for user actions based on nudging, widely applied to health and social behavior influence. In particular, we propose complementary, less strict, more flexible Information Security policies, based on risk assessment of device vulnerabilities and threats to corporate data and devices, combined with a strategy of influencing security behavior by nudging. We argue that nudging, by taking into account the context of the decision-making environment, and the fact that the employee may be in a better position to make a more appropriate decision, may be more suitable than strict policies in situations of uncertainty of security-related decisions. Several examples of nudging are considered for different tested and potential scenarios in a security context. |
id |
RCAP_39d0427daed7595a1baeb7e28160e8bf |
---|---|
oai_identifier_str |
oai:journals.uminho.pt:article/3893 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
author |
Yevseyeva, Iryna |
author_facet |
Yevseyeva, Iryna Turland, James Morisset, Charles Coventry, Lynne Groß, Thomas Laing, Christopher Moorsel, Aad van |
dc.subject.por.fl_str_mv |
consumerization; security; risks; mitigation strategies; nudging |
publishDate |
2022 |
dc.date.none.fl_str_mv |
2022-02-08 |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/article |
format |
article |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
https://doi.org/10.12821/ijispm030301 |
dc.relation.none.fl_str_mv |
https://revistas.uminho.pt/index.php/ijispm/article/view/3893 https://revistas.uminho.pt/index.php/ijispm/article/view/3893/3949 |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.publisher.none.fl_str_mv |
UMinho Editora |
dc.source.none.fl_str_mv |
International Journal of Information Systems and Project Management; Vol. 3 No. 3 (2015); 5-22; 2182-7788 |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |