Addressing consumerization of IT risks with nudging

Iryna  Yevseyeva; James  Turland; Charles  Morisset; Lynne  Coventry; Thomas  Groß; Christopher  Laing; Aad van  Moorsel

doi:10.12821/ijispm030301

Authors

Iryna Yevseyeva School of Computing Science, Newcastle University
James Turland School of Computing Science, Newcastle University
Charles Morisset School of Computing Science, Newcastle University
Lynne Coventry School of Health & Life Sciences, Northumbria University
Thomas Groß School of Computing Science, Newcastle University
Christopher Laing Department of Computer Science, Northumbria University
Aad van Moorsel Department of Computer Science, Northumbria University

DOI:

https://doi.org/10.12821/ijispm030301

Keywords:

consumerization, security, risks, mitigation strategies, nudging

Abstract

In this work we address the main issues of Information Technology (IT) consumerization that are related to security risks, and vulnerabilities of devices used within Bring Your Own Device (BYOD) strategy in particular. We propose a ‘soft’ mitigation strategy for user actions based on nudging, widely applied to health and social behavior influence. In particular, we propose a complementary, less strict, more flexible Information Security policies, based on risk assessment of device vulnerabilities and threats to corporate data and devices, combined with a strategy of influencing security behavior by nudging. We argue that nudging, by taking into account the context of the decision-making environment, and the fact that the employee may be in better position to make a more appropriate decision, may be more suitable than strict policies in situations of uncertainty of security-related decisions. Several examples of nudging are considered for different tested and potential scenarios in security context.

Addressing consumerization of IT risks with nudging

Authors

DOI:

Keywords:

Abstract

Downloads

Published

How to Cite

Issue

Section