Consumerisation of IT: Mitigating risky user actions and improving productivity with nudging

Iryna Yevseyeva; Charles Morisset; James Turland; Lynne Coventry; Thomas Groß; Christopher Laing; Aad van Moorsel

doi:10.1016/j.protcy.2014.10.118

Consumerisation of IT: Mitigating risky user actions and improving productivity with nudging

Iryna Yevseyeva, Charles Morisset, James Turland, Lynne Coventry, Thomas Groß, Christopher Laing, Aad van Moorsel

School of Psychology

Research output: Contribution to journal › Article › peer-review

22 Downloads (Pure)

Abstract

In this work we address the main issues of IT consumerisation that are related to security risks, and propose a ‘soft’ mitigation strategy for user actions based on nudging, widely applied to health and social behaviour influence. In particular, we propose a complementary, less strict, more flexible Information Security policies, based on risk assessment of device vulnerabilities and threats to corporate data and devices, combined with a strategy of influencing security behaviour by nudging. We argue that nudging, by taking into account the context of the decision-making environment, and the fact that the employee may be in better position to make a more appropriate decision, may be more suitable than strict policies in situations of uncertainty of security related decisions.

Original language	English
Pages (from-to)	508-517
Journal	Procedia Technology
Volume	16
DOIs	https://doi.org/10.1016/j.protcy.2014.10.118
Publication status	Published - 11 Nov 2014

Keywords

consumerisation
security
risks
mitigation strategies
nudging

Access to Document

10.1016/j.protcy.2014.10.118

Centeris2014 Improving Productivity With NudgingFinal published version, 353 KB

Cite this

@article{220e0db8282e4727852273f0303700ca,

title = "Consumerisation of IT: Mitigating risky user actions and improving productivity with nudging",

abstract = "In this work we address the main issues of IT consumerisation that are related to security risks, and propose a {\textquoteleft}soft{\textquoteright} mitigation strategy for user actions based on nudging, widely applied to health and social behaviour influence. In particular, we propose a complementary, less strict, more flexible Information Security policies, based on risk assessment of device vulnerabilities and threats to corporate data and devices, combined with a strategy of influencing security behaviour by nudging. We argue that nudging, by taking into account the context of the decision-making environment, and the fact that the employee may be in better position to make a more appropriate decision, may be more suitable than strict policies in situations of uncertainty of security related decisions.",

keywords = "consumerisation, security, risks, mitigation strategies, nudging",

author = "Iryna Yevseyeva and Charles Morisset and James Turland and Lynne Coventry and Thomas Gro{\ss} and Christopher Laing and {van Moorsel}, Aad",

note = "Presented at Conference on ENTERprise Information Systems (CENTERIS 2014), 15-17 October 2014, Troia, Portugal.",

year = "2014",

month = nov,

day = "11",

doi = "10.1016/j.protcy.2014.10.118",

language = "English",

volume = "16",

pages = "508--517",

journal = "Procedia Technology",

publisher = "Elsevier",

}

TY - JOUR

T1 - Consumerisation of IT: Mitigating risky user actions and improving productivity with nudging

AU - Yevseyeva, Iryna

AU - Morisset, Charles

AU - Turland, James

AU - Coventry, Lynne

AU - Groß, Thomas

AU - Laing, Christopher

AU - van Moorsel, Aad

N1 - Presented at Conference on ENTERprise Information Systems (CENTERIS 2014), 15-17 October 2014, Troia, Portugal.

PY - 2014/11/11

Y1 - 2014/11/11

N2 - In this work we address the main issues of IT consumerisation that are related to security risks, and propose a ‘soft’ mitigation strategy for user actions based on nudging, widely applied to health and social behaviour influence. In particular, we propose a complementary, less strict, more flexible Information Security policies, based on risk assessment of device vulnerabilities and threats to corporate data and devices, combined with a strategy of influencing security behaviour by nudging. We argue that nudging, by taking into account the context of the decision-making environment, and the fact that the employee may be in better position to make a more appropriate decision, may be more suitable than strict policies in situations of uncertainty of security related decisions.

AB - In this work we address the main issues of IT consumerisation that are related to security risks, and propose a ‘soft’ mitigation strategy for user actions based on nudging, widely applied to health and social behaviour influence. In particular, we propose a complementary, less strict, more flexible Information Security policies, based on risk assessment of device vulnerabilities and threats to corporate data and devices, combined with a strategy of influencing security behaviour by nudging. We argue that nudging, by taking into account the context of the decision-making environment, and the fact that the employee may be in better position to make a more appropriate decision, may be more suitable than strict policies in situations of uncertainty of security related decisions.

KW - consumerisation

KW - security

KW - risks

KW - mitigation strategies

KW - nudging

U2 - 10.1016/j.protcy.2014.10.118

DO - 10.1016/j.protcy.2014.10.118

M3 - Article

VL - 16

SP - 508

EP - 517

JO - Procedia Technology

JF - Procedia Technology

ER -

Consumerisation of IT: Mitigating risky user actions and improving productivity with nudging

Abstract

Keywords

Access to Document

Fingerprint

Cite this