Browsing by Author "Morisset, Charles"

Now showing 1 - 2 of 2
  • Thumbnail Image
    ItemOpen Access
    Addressing consumerisation of IT risks with nudging
    (International Journal of Information Systems and Project Management., 2015-09) Yevseyeva, Iryna; Turland, James; Morisset, Charles; Coventry, Lynne; Gross, Thomas; Laing, Christopher; van Moorsel, Aad
    In this work we address the main issues of Information Technology (IT) consumerisation that are related to security risks, and vulnerabilities of devices used within Bring Your Own Device (BYOD) strategy in particular. We propose a ‘soft’ mitigation strategy for user actions based on nudging, widely applied to health and social behaviour influence. In particular, we propose a complementary, less strict, more flexible Information Security policies, based on risk assessment of device vulnerabilities and threats to corporate data and devices, combined with a strategy of influencing security behaviour by nudging. We argue that nudging, by taking into account the context of the decision-making environment, and the fact that the employee may be in better position to make a more appropriate decision, may be more suitable than strict policies in situations of uncertainty of security-related decisions. Several examples of nudging are considered for different tested and potential scenarios in security context.
  • Thumbnail Image
    ItemOpen Access
    Modeling and analysis of influence power for information security decisions
    (Elsevier, 2016-04) Yevseyeva, Iryna; Morisset, Charles; van Moorsel, Aad
    Users of computing systems and devices frequently make decisions related to information security, e. g., when choosing a password, deciding whether to log into an unfamiliar wireless network. Employers or other stakeholders may have a preference for certain outcomes, without being able to or having a desire to enforce a particular decision. In such situations, systems may build in design nudges to influence the decision making, e. g., by highlighting the employer’s preferred solution. In this paper we model influencing information security to identify which approaches to influencing are most effective and how they can be optimized. To do so, we extend traditional multi-criteria decision analysis models with modifiable criteria, to represent the available approaches an influencer has for influencing the choice of the decision maker. The notion of influence power is introduced to characterize the extent to which an influencer can influence decision makers. We illustrate our approach using data from a controlled experiment on techniques to influence which public wireless network users select. This allows us to calculate influence power and identify which design nudges exercise the most influence over user decisions.