TY - JOUR
T1 - SAFER: Development and Evaluation of an IoT Device Risk Assessment Framework in a Multinational Organization
AU - Oser, Pascal
AU - Feger, Sebastian
AU - Woźniak, Paweł
AU - Karolus, Jakob
AU - Spagnuelo, Dayana
AU - Gupta, Akash
AU - Lüders, Stefan
AU - Schmidt, Albrecht
AU - Kargl, Frank
PY - 2020/9
Y1 - 2020/9
N2 - Users of Internet of Things (IoT) devices are often unaware of their security risks and cannot sufficiently factor security considerations into their device selection. This puts networks, infrastructure and users at risk. We developed and evaluated SAFER, an IoT device risk assessment framework designed to improve users' ability to assess the security of connected devices. We deployed SAFER in a large multinational organization that permits use of private devices. To evaluate the framework, we conducted a mixed-method study with 20 employees. Our findings suggest that SAFER increases users' awareness of security issues. It provides valuable advice and impacts device selection. Based on our findings, we discuss implications for the design of device risk assessment tools, with particular regard to the relationship between risk communication and user perceptions of device complexity.
AB - Users of Internet of Things (IoT) devices are often unaware of their security risks and cannot sufficiently factor security considerations into their device selection. This puts networks, infrastructure and users at risk. We developed and evaluated SAFER, an IoT device risk assessment framework designed to improve users' ability to assess the security of connected devices. We deployed SAFER in a large multinational organization that permits use of private devices. To evaluate the framework, we conducted a mixed-method study with 20 employees. Our findings suggest that SAFER increases users' awareness of security issues. It provides valuable advice and impacts device selection. Based on our findings, we discuss implications for the design of device risk assessment tools, with particular regard to the relationship between risk communication and user perceptions of device complexity.
KW - Device risk assessment
KW - Informed decision
KW - IoT devices
KW - Security awareness
KW - Usable security
UR - https://www.mendeley.com/catalogue/b178fb65-859f-3d90-a0f5-487d1261016c/
U2 - 10.1145/3414173
DO - 10.1145/3414173
M3 - Article
SN - 2474-9567
VL - 4
SP - 1
EP - 22
JO - Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies
JF - Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies
IS - 3
M1 - 114
ER -