Published version download (PDF, 1 MB)
Digital Nudges for Access Reviews: Guiding Deciders to Revoke Excessive Authorizations
Baumer, Thomas; Reittinger, Tobias; Kern, Sascha and Pernul, Günther (2024). Digital Nudges for Access Reviews: Guiding Deciders to Revoke Excessive Authorizations. In: Twentieth Symposium on Usable Privacy and Security (SOUPS 2024), 11 - 13 Aug 2024, Philadelphia, PA, USA.
Date of publication of this fulltext: 10 Sep 2024 04:14
Conference or workshop item
DOI to cite this document: 10.5283/epub.59116
Abstract
Organizations tend to over-authorize their members, ensuring smooth operations. However, these excessive authorizations offer a substantial attack surface and are the reason regulative authorities demand periodic checks of their authorizations. Thus, organizations conduct time-consuming and costly access reviews to verify these authorizations by human decision-makers. Still, these deciders only marginally revoke authorizations due to the poor usability of access reviews. In this work, we apply digital nudges to guide human deciders during access reviews to tackle this issue and improve security. In detail, we formalize the access review problem, interview experts (n=10) to identify several nudges helpful for access reviews, and conduct a user study (n=102) for the Choice Defaults Nudge. We show significant behavior changes in revoking authorizations. We also achieve time savings and less stress. However, we also found that improving the overall quality requires more advanced means. Finally, we discuss design implications for access reviews with digital nudges.
Details
| Field | Value |
|---|---|
| Item type | Conference or workshop item (Paper) |
| Date | August 2024 |
| Additional Information (public) | This paper is included in the Proceedings of the Twentieth Symposium on Usable Privacy and Security, August 12–13, 2024, Philadelphia, PA, USA. 978-1-939133-42-7 |
| Institutions | Business, Economics and Information Systems > Institut für Wirtschaftsinformatik > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul); Informatics and Data Science > Department Information Systems > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul) |
| Keywords | Access Control, Digital Nudges, Choice Defaults, Expert Interviews, User Study, Formalization |
| Dewey Decimal Classification | 000 Computer science, information & general works > 004 Computer science; 300 Social sciences > 330 Economics; 600 Technology > 600 Technology (Applied sciences) |
| Status | Published |
| Refereed | Yes, this version has been refereed |
| Created at the University of Regensburg | Yes |
| URN of the UB Regensburg | urn:nbn:de:bvb:355-epub-591163 |
| Item ID | 59116 |