Addressing consumerization of IT risks with nudging

Addressing consumerization of IT risks with nudging

In this work we address the main issues of Information Technology (IT) consumerization that are related to security risks, and vulnerabilities of devices used within Bring Your Own Device (BYOD) strategy in particular. We propose a ‘soft’ mitigation strategy for user actions based on nudging, widely...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:International journal of information systems and project management 2015-01, Vol.3 (3), p.5-22
Hauptverfasser: Yevseyeva, Iryna, Turland, James, Morisset, Charles, Coventry, Lynne, Groß, Thomas, Laing, Christopher, Moorsel, Aad van
Format: Artikel
Sprache:eng
Schlagworte:
consumerization
mitigation strategies
nudging
risks
security
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In this work we address the main issues of Information Technology (IT) consumerization that are related to security risks, and vulnerabilities of devices used within Bring Your Own Device (BYOD) strategy in particular. We propose a ‘soft’ mitigation strategy for user actions based on nudging, widely applied to health and social behavior influence. In particular, we propose a complementary, less strict, more flexible Information Security policies, based on risk assessment of device vulnerabilities and threats to corporate data and devices, combined with a strategy of influencing security behavior by nudging. We argue that nudging, by taking into account the context of the decision-making environment, and the fact that the employee may be in better position to make a more appropriate decision, may be more suitable than strict policies in situations of uncertainty of security-related decisions. Several examples of nudging are considered for different tested and potential scenarios in security context.
ISSN:2182-7788
2182-7796
2182-7788
DOI:10.12821/ijispm030301