Digital Nudges for Access Reviews: Guiding Deciders to Revoke Excessive Authorizations
Baumer, Thomas, Reittinger, Tobias, Kern, Sascha and Pernul, Günther (2024) Digital Nudges for Access Reviews: Guiding Deciders to Revoke Excessive Authorizations. In: Twentieth Symposium on Usable Privacy and Security (SOUPS 2024), 11 - 13 Aug 2024, Philadelphia, PA, USA.
Publication date of this full text: 10 Sep 2024 04:14
Conference or workshop contribution
DOI for citing this document: 10.5283/epub.59116
Abstract
Organizations tend to over-authorize their members, ensuring smooth operations. However, these excessive authorizations offer a substantial attack surface and are the reason regulative authorities demand periodic checks of their authorizations. Thus, organizations conduct time-consuming and costly access reviews to verify these authorizations by human decision-makers. Still, these deciders only marginally revoke authorizations due to the poor usability of access reviews. In this work, we apply digital nudges to guide human deciders during access reviews to tackle this issue and improve security. In detail, we formalize the access review problem, interview experts (n=10) to identify several nudges helpful for access reviews, and conduct a user study (n=102) for the Choice Defaults Nudge. We show significant behavior changes in revoking authorizations. We also achieve time savings and less stress. However, we also found that improving the overall quality requires more advanced means. Finally, we discuss design implications for access reviews with digital nudges.
Details
| Document type | Conference or workshop contribution (Paper) |
| Date | August 2024 |
| Additional information (public) | This paper is included in the Proceedings of the Twentieth Symposium on Usable Privacy and Security. August 12–13, 2024 • Philadelphia, PA, USA 978-1-939133-42-7 |
| Institutions | Economics > Institute of Business Informatics > Chair of Business Informatics I - Information Systems (Prof. Dr. Günther Pernul); Informatics and Data Science > Department of Business Informatics > Chair of Business Informatics I - Information Systems (Prof. Dr. Günther Pernul) |
| Keywords | Access Control, Digital Nudges, Choice Defaults, Expert Interviews, User Study, Formalization |
| Dewey Decimal Classification | 000 Computer science, information science, general works > 004 Computer science; 300 Social sciences > 330 Economics; 600 Technology, medicine, applied sciences > 600 Technology |
| Status | Published |
| Peer-reviewed | Yes, this version has been peer-reviewed |
| Created at the University of Regensburg | Yes |
| URN of the UB Regensburg | urn:nbn:de:bvb:355-epub-591163 |
| Document ID | 59116 |