Title :
Reducing Unauthorized Access by Insiders through User Interface Design: Making End Users Accountable
Author :
Vance, Anthony ; Molyneux, Braden ; Lowry, Paul Benjamin
Abstract :
A long-time tenet of information security is the principle of least privilege, which requires that systems users be given the minimum amount of access privilege required to complete a task. However, many financial, medical, and customer records systems grant employees broad access for reasons of practical necessity. Unfortunately, with broad access rights comes potential for abuse. This paper investigates how user interface design features of a system can be designed to make end users feel more accountable for their actions in the system and less likely to abuse their access rights. To do so, we developed a factorial survey to determine the effects of user interface design features relating to three aspects of accountability: (1) identifiability, (2) evaluation, and (3) social presence. The results of the factorial survey show that the accountability design features significantly reduced intention to commit unauthorized access.
Keywords :
authorisation; social aspects of automation; user interfaces; access rights; accountability design features; evaluation aspect; identifiability aspect; information security; social presence aspect; unauthorized access reduction; user interface design; Computers; Context; Educational institutions; Information systems; Permission; Systematics; computer abuse; end user computing; information security policy violation; unauthorized access;
Conference_Titel :
System Science (HICSS), 2012 45th Hawaii International Conference on
Conference_Location :
Maui, HI
Print_ISBN :
978-1-4577-1925-7
Electronic_ISBN :
1530-1605
DOI :
10.1109/HICSS.2012.499
