A New Approach to the Problem of Unauthorized Access: Raising Perceptions of Accountability through User Interface Design Features

The Dewald Roode Workshop in Information Systems Security 2011, Blacksburg, Virginia, USA, September 22–23, pp. 1–38

39 Pages Posted: 5 Jun 2013

See all articles by Anthony Vance

Anthony Vance

Brigham Young University - Department of Information Systems

Braden Molyneux

Brigham Young University - Department of Information Systems

Paul Benjamin Lowry

Virginia Polytechnic Institute & State University - Pamplin College of Business

Dennis L. Eggett

Brigham Young University - Center for Statistical Consultation and Collaborative Research

Date Written: September 1, 2011

Abstract

A persistent problem of information security is the threat of organizational insiders, an example of which is the unauthorized access of information. A long-standing solution to this problem is the principle of least privilege, which requires that systems users be given the minimum amount of access privilege required to complete a task. However, this solution is partial. While it limits access and therefore the risk of unauthorized access, it does not prevent the abuse of access privileges properly granted. In addition, in many financial, medical, and customer records systems, granularly restricting access privileges is not practical.

This study presents accountability — the expectation that one will be required to answer for one's actions — as an alternative solution to the problem of unauthorized access. We apply accountability theory to the context of system access privileges to predict that three aspects of accountability — identifiability, evaluation, and social presence — will reduce instances of unauthorized access. We develop a factorial survey to determine the effects of user interface design features relating to these aspects of accountability. The results demonstrate the potential of accountability mechanisms within systems to prevent unauthorized access.

Keywords: unauthorized access, accountability, identifiability, evaluation, information security, user interface design

Suggested Citation

Vance, Anthony and Molyneux, Braden and Lowry, Paul Benjamin and Eggett, Dennis L., A New Approach to the Problem of Unauthorized Access: Raising Perceptions of Accountability through User Interface Design Features (September 1, 2011). The Dewald Roode Workshop in Information Systems Security 2011, Blacksburg, Virginia, USA, September 22–23, pp. 1–38. Available at SSRN: https://ssrn.com/abstract=2273570

Anthony Vance

Brigham Young University - Department of Information Systems ( email )

510 Tanner Building
Marriott School
Provo, UT 84602
United States

Braden Molyneux

Brigham Young University - Department of Information Systems ( email )

510 Tanner Building
Marriott School
Provo, UT 84602
United States

Paul Benjamin Lowry (Contact Author)

Virginia Polytechnic Institute & State University - Pamplin College of Business ( email )

1016 Pamplin Hall
Blacksburg, VA 24061
United States

Dennis L. Eggett

Brigham Young University - Center for Statistical Consultation and Collaborative Research ( email )

Register to save articles to
your library

Register

Paper statistics

Downloads
41
Abstract Views
241
PlumX Metrics