Balancing Risk Appetite and Risk Attitude in Requirements: a Framework for User Liberation

Daniel Dresner, Joy Garfield

Research output: Contribution to journal, Conference article, peer-review

Abstract

The tendency to throw controls at perceived and real system vulnerabilities, coupled with the likelihood of these controls being technical in nature, has the propensity to favour security over usability. However there is little evidence of increased assurance and it could encourage work stoppages or deviations that keep honest users from engaging with the system. The conflicting balance of trust and controls, and the challenge of turning that balance into clear requirements, creates an environment that alienates users and feeds the paranoia of actors who assume more ownership of the system than necessary. Security therefore becomes an inhibitor rather than an enabler for the community. This paper looks at measuring the balance of an organisation’s or a community’s risk appetite with the risk attitudes of its members in the early stages of IS development. It suggests how the dials of assurance can be influenced by the levers of good systems practice to create a cultural shift to trusting the users.
Original language: English
Journal: UK Academy for Information Systems Conference Proceedings
Volume: 10
Publication status: Published - 2014
Event: UK Academy for Information Systems Conference Proceedings - Oxford, United Kingdom
Duration: 7 Apr 2014 to 9 Apr 2014
