SAFER: Development and Evaluation of an IoT Device Risk Assessment Framework in a Multinational Organization

Pascal Oser, Sebastian Feger, Paweł Woźniak, Jakob Karolus, Dayana Spagnuelo, Akash Gupta, Stefan Lüders, Albrecht Schmidt, Frank Kargl

Research output: Contribution to JournalArticleAcademicpeer-review

Abstract

Users of Internet of Things (IoT) devices are often unaware of their security risks and cannot sufficiently factor security considerations into their device selection. This puts networks, infrastructure and users at risk. We developed and evaluated SAFER, an IoT device risk assessment framework designed to improve users' ability to assess the security of connected devices. We deployed SAFER in a large multinational organization that permits use of private devices. To evaluate the framework, we conducted a mixed-method study with 20 employees. Our findings suggest that SAFER increases users' awareness of security issues. It provides valuable advice and impacts device selection. Based on our findings, we discuss implications for the design of device risk assessment tools, with particular regard to the relationship between risk communication and user perceptions of device complexity.
Original languageEnglish
Article number114
Pages (from-to)1-22
Number of pages22
JournalProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies
Volume4
Issue number3
DOIs
Publication statusPublished - Sept 2020

Keywords

  • Device risk assessment
  • Informed decision
  • IoT devices
  • Security awareness
  • Usable security

Fingerprint

Dive into the research topics of 'SAFER: Development and Evaluation of an IoT Device Risk Assessment Framework in a Multinational Organization'. Together they form a unique fingerprint.

Cite this