
2015 | Original Paper | Book Chapter

Re-designing Permission Requirements to Encourage BYOD Policy Adherence

Authors: Lotus Lee, Jeremiah D. Still

Published in: Human Aspects of Information Security, Privacy, and Trust

Publisher: Springer International Publishing


Abstract

Many corporations and organizations support a Bring Your Own Device (BYOD) policy, which allows employees to use their personal smartphones for work-related purposes. Access to proprietary company data and information from an employee's smartphone raises serious privacy and security concerns. Companies are vulnerable to data breaches if employees are unable to discern which applications are safe to install. Situating privacy requirements in context ought to encourage safer application install decisions and discourage riskier ones. This study examines the use of context-relevant warning messages, which alert employees to be cautious when the company's BYOD policy may be violated. We also explore the impact of presenting permission requirements before and after the install decision is made. We provide evidence that the presence of warnings, regardless of when they were presented, lowered the number of risky installations. In situations where it was safe to install an application, warning messages presented before the install decision substantially increased installations compared to the no-warning condition. Interestingly, the opposite pattern was found when warning messages were presented after the decision. Overall, better privacy and security decisions will be made if permission requirements are displayed with relevant warning messages. In addition, safe installations will be encouraged by placing these meaningful warnings on the description page of a mobile application before a user has decided to install it.
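The abstract describes warnings that fire when an app's permission requirements would violate the company's BYOD policy, shown on the description page before the install decision. The following is an added example and is not code or a method from the paper: a hypothetical policy check that parses the permissions an Android app declares in its manifest, compares them against a BYOD policy, and returns the context-relevant warning text that would be placed before the install button. The Android permission identifiers are real; the policy rules, sample manifests and function names are constructed for illustration.

```python
"""Hypothetical BYOD permission-policy check (added example, not from the paper).

Given the permissions an Android app requests, decide whether installing it
would violate a corporate BYOD policy and, if so, produce the warning text to
show on the app's description page before the user decides to install.
Android permission names are real identifiers; the policy and sample
manifests below are constructed for this example.
"""
from dataclasses import dataclass
import xml.etree.ElementTree as ET

# Namespace used by android:name attributes in AndroidManifest.xml.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"


@dataclass(frozen=True)
class ByodPolicy:
    # Permissions never acceptable on a device that holds company data.
    forbidden: frozenset
    # Combinations that are tolerable alone but risky together, e.g. reading
    # company contacts plus unrestricted network access (exfiltration path).
    risky_combinations: tuple


# Constructed policy for illustration; a real policy would come from the MDM/IT team.
POLICY = ByodPolicy(
    forbidden=frozenset({
        "android.permission.READ_SMS",
        "android.permission.RECORD_AUDIO",
    }),
    risky_combinations=(
        frozenset({"android.permission.READ_CONTACTS", "android.permission.INTERNET"}),
        frozenset({"android.permission.READ_CALENDAR", "android.permission.INTERNET"}),
    ),
)


def permissions_from_manifest(manifest_xml: str) -> frozenset:
    """Extract <uses-permission android:name=...> entries from a manifest string."""
    root = ET.fromstring(manifest_xml)
    return frozenset(
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    )


def short(perm: str) -> str:
    """'android.permission.READ_SMS' -> 'READ_SMS' for readable warning text."""
    return perm.rsplit(".", 1)[-1]


def evaluate(permissions: frozenset, policy: ByodPolicy = POLICY):
    """Return (verdict, warning). verdict is 'block', 'warn' or 'ok'.

    Forbidden permissions take precedence over risky combinations, so the
    strongest applicable message is the one shown.
    """
    hits = sorted(permissions & policy.forbidden)
    if hits:
        return "block", (
            "BYOD policy violation: this app requests "
            + ", ".join(short(p) for p in hits)
            + ", which is not permitted on devices that access company data."
        )
    combos = [c for c in policy.risky_combinations if c <= permissions]
    if combos:
        names = sorted({short(p) for c in combos for p in c})
        return "warn", (
            "Caution: this app combines " + " and ".join(names)
            + ". Installing it may violate the BYOD policy; check with IT first."
        )
    return "ok", ""


# Constructed sample manifests (not real apps).
SAFE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

RISKY_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.contactsync">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

BLOCKED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.smsbackup">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for m in (SAFE_MANIFEST, RISKY_MANIFEST, BLOCKED_MANIFEST):
        verdict, warning = evaluate(permissions_from_manifest(m))
        print(verdict, "-", warning or "no warning shown")
```

The check runs on the manifest alone, so it can be applied at description-page time, before download or install, which is the placement the study found most effective for safe apps. It says nothing about what the app does with a permission at runtime; that is a limitation of any manifest-based warning.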


Metadata
Title
Re-designing Permission Requirements to Encourage BYOD Policy Adherence
Authors
Lotus Lee
Jeremiah D. Still
Copyright year
2015
DOI
https://doi.org/10.1007/978-3-319-20376-8_33