A New Approach to the Problem of Unauthorized Access: Raising Perceptions of Accountability through User Interface Design Features
The Dewald Roode Workshop in Information Systems Security 2011, Blacksburg, Virginia, USA, September 22–23, pp. 1–38
39 Pages
Posted: 5 Jun 2013
Date Written: September 1, 2011
A persistent problem of information security is the threat of organizational insiders, an example of which is the unauthorized access of information. A long-standing solution to this problem is the principle of least privilege, which requires that systems users be given the minimum amount of access privilege required to complete a task. However, this solution is partial. While it limits access and therefore the risk of unauthorized access, it does not prevent the abuse of access privileges properly granted. In addition, in many financial, medical, and customer records systems, granularly restricting access privileges is not practical.
This study presents accountability — the expectation that one will be required to answer for one's actions — as an alternative solution to the problem of unauthorized access. We apply accountability theory to the context of system access privileges to predict that three aspects of accountability — identifiability, evaluation, and social presence — will reduce instances of unauthorized access. We develop a factorial survey to determine the effects of user interface design features relating to these aspects of accountability. The results demonstrate the potential of accountability mechanisms within systems to prevent unauthorized access.
Keywords: unauthorized access, accountability, identifiability, evaluation, information security, user interface design