Show simple item record

dc.contributor.authorYevseyeva, Irynaen
dc.contributor.authorTurland, Jamesen
dc.contributor.authorMorisset, Charlesen
dc.contributor.authorCoventry, Lynneen
dc.contributor.authorGross, Thomasen
dc.contributor.authorLaing, Christopheren
dc.contributor.authorvan Moorsel, Aaden
dc.date.accessioned2016-05-12T13:49:35Z
dc.date.available2016-05-12T13:49:35Z
dc.date.issued2015-09
dc.identifier.citationYevseyeva, I. et al. (2015) Addressing consumerisation of IT risks with nudging. International Journal of Information Systems and Project Management. 3 (3), pp. 5-22en
dc.identifier.urihttp://hdl.handle.net/2086/12060
dc.description.abstractIn this work we address the main issues of Information Technology (IT) consumerisation that are related to security risks, and vulnerabilities of devices used within Bring Your Own Device (BYOD) strategy in particular. We propose a ‘soft’ mitigation strategy for user actions based on nudging, widely applied to health and social behaviour influence. In particular, we propose a complementary, less strict, more flexible Information Security policies, based on risk assessment of device vulnerabilities and threats to corporate data and devices, combined with a strategy of influencing security behaviour by nudging. We argue that nudging, by taking into account the context of the decision-making environment, and the fact that the employee may be in better position to make a more appropriate decision, may be more suitable than strict policies in situations of uncertainty of security-related decisions. Several examples of nudging are considered for different tested and potential scenarios in security context.en
dc.language.isoenen
dc.publisherInternational Journal of Information Systems and Project Management.en
dc.subjectconsumerisationen
dc.subjectsecurityen
dc.subjectrisksen
dc.subjectmitigation strategiesen
dc.subjectnudgingen
dc.titleAddressing consumerisation of IT risks with nudgingen
dc.typeArticleen
dc.identifier.doihttps://doi.org/10.12821/ijispm030301
dc.researchgroupCyber Security Centreen
dc.peerreviewedYesen
dc.explorer.multimediaNoen
dc.funderEPSRC (Engineering and Physical Sciences Research Council)en
dc.funderGovernment Communications Headquarters (GCHQ), UK, as a part of Cyber Research Instituteen
dc.projectidEP/K006568/1en
dc.cclicenceCC-BY-NC-NDen
dc.researchinstituteCyber Technology Institute (CTI)en


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record