Consumerisation of IT: mitigating risky user actions and improving productivity with nudging

Iryna Yevseyeva; Charles Morisset; James Turland; Lynne Coventry; Thomas Groß; Christopher Laing; Aad van Moorsel

doi:10.1016/j.protcy.2014.10.118

Consumerisation of IT: mitigating risky user actions and improving productivity with nudging

Iryna Yevseyeva^*, Charles Morisset, James Turland, Lynne Coventry, Thomas Groß, Christopher Laing, Aad van Moorsel

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

19 Downloads (Pure)

Abstract

In this work we address the main issues of IT consumerisation that are related to security risks, and propose a ‘soft’ mitigation strategy for user actions based on nudging, widely applied to health and social behaviour influence. In particular, we propose a complementary, less strict, more flexible Information Security policies, based on risk assessment of device vulnerabilities and threats to corporate data and devices, combined with a strategy of influencing security behaviour by nudging. We argue that nudging, by taking into account the context of the decision-making environment, and the fact that the employee may be in better position to make a more appropriate decision, may be more suitable than strict policies in situations of uncertainty of security-related decisions.

Original language	English
Pages (from-to)	508-517
Number of pages	10
Journal	Procedia Technology
Volume	16
Early online date	11 Nov 2014
DOIs	https://doi.org/10.1016/j.protcy.2014.10.118
Publication status	Published - 2014
Externally published	Yes
Event	Conference on ENTERprise Information Systems - Troia Aqualuz, Troia, Portugal Duration: 15 Oct 2014 → 17 Oct 2014 Conference number: 6th https://web.archive.org/web/20140418060216/http://centeris.scika.org/?page=home

Keywords

Consumerisation
Security
Risks
Mitigation strategies
Nudging

Access to Document

10.1016/j.protcy.2014.10.118Licence: Other

Coventry_ConsumerisationOfIT_Publication_2022Final published version, 199 KBLicence: Other

Cite this

@article{fe8d279657664a1c8255db94ba9aa873,

title = "Consumerisation of IT: mitigating risky user actions and improving productivity with nudging",

abstract = "In this work we address the main issues of IT consumerisation that are related to security risks, and propose a {\textquoteleft}soft{\textquoteright} mitigation strategy for user actions based on nudging, widely applied to health and social behaviour influence. In particular, we propose a complementary, less strict, more flexible Information Security policies, based on risk assessment of device vulnerabilities and threats to corporate data and devices, combined with a strategy of influencing security behaviour by nudging. We argue that nudging, by taking into account the context of the decision-making environment, and the fact that the employee may be in better position to make a more appropriate decision, may be more suitable than strict policies in situations of uncertainty of security-related decisions.",

author = "Iryna Yevseyeva and Charles Morisset and James Turland and Lynne Coventry and Thomas Gro{\ss} and Christopher Laing and Moorsel, \{Aad van\}",

year = "2014",

doi = "10.1016/j.protcy.2014.10.118",

language = "English",

volume = "16",

pages = "508--517",

journal = "Procedia Technology",

issn = "2212-0173",

publisher = "Elsevier",

note = "Conference on ENTERprise Information Systems, CENTERIS ; Conference date: 15-10-2014 Through 17-10-2014",

url = "https://web.archive.org/web/20140418060216/http://centeris.scika.org/?page=home",

}

TY - JOUR

T1 - Consumerisation of IT

T2 - Conference on ENTERprise Information Systems

AU - Yevseyeva, Iryna

AU - Morisset, Charles

AU - Turland, James

AU - Coventry, Lynne

AU - Groß, Thomas

AU - Laing, Christopher

AU - Moorsel, Aad van

N1 - Conference code: 6th

PY - 2014

Y1 - 2014

N2 - In this work we address the main issues of IT consumerisation that are related to security risks, and propose a ‘soft’ mitigation strategy for user actions based on nudging, widely applied to health and social behaviour influence. In particular, we propose a complementary, less strict, more flexible Information Security policies, based on risk assessment of device vulnerabilities and threats to corporate data and devices, combined with a strategy of influencing security behaviour by nudging. We argue that nudging, by taking into account the context of the decision-making environment, and the fact that the employee may be in better position to make a more appropriate decision, may be more suitable than strict policies in situations of uncertainty of security-related decisions.

AB - In this work we address the main issues of IT consumerisation that are related to security risks, and propose a ‘soft’ mitigation strategy for user actions based on nudging, widely applied to health and social behaviour influence. In particular, we propose a complementary, less strict, more flexible Information Security policies, based on risk assessment of device vulnerabilities and threats to corporate data and devices, combined with a strategy of influencing security behaviour by nudging. We argue that nudging, by taking into account the context of the decision-making environment, and the fact that the employee may be in better position to make a more appropriate decision, may be more suitable than strict policies in situations of uncertainty of security-related decisions.

U2 - 10.1016/j.protcy.2014.10.118

DO - 10.1016/j.protcy.2014.10.118

M3 - Article

SN - 2212-0173

VL - 16

SP - 508

EP - 517

JO - Procedia Technology

JF - Procedia Technology

Y2 - 15 October 2014 through 17 October 2014

ER -

Consumerisation of IT: mitigating risky user actions and improving productivity with nudging

Abstract

Keywords

Access to Document

Fingerprint

Cite this