Start Date
30-10-2021 1:00 PM
End Date
30-10-2021 1:30 PM
Location
Online Zoom Session
Abstract
Cybersecurity involves a broad range of techniques, including cyber-physical, managerial, and technical, while authentication provides a layer of protection for Information Systems (IS) against data breaches. The recent COVID-19 pandemic brought a tsunami of data breach incidents worldwide. Authentication serves as a mechanism for IS against unauthorized access utilizing various defense techniques, with the most popular and frequently used technique being passwords. However, the dramatic increase of user accounts over the past few decades has exposed the realization that technological measures alone cannot ensure high level of IS security; this leaves the end-users holding a critical role in protecting their organization and personal information. Despite users being more aware of password entropy, users still often participate in deviant password behaviors also known as ‘password workarounds’ or ‘shadow security’. These deviant password behaviors can put individuals and organizations at risk resulting in data privacy issues, data loss, and ultimately a data breach incident. In this paper, we outline a research-in-progress study to build a risk taxonomy for organizations based on the to identify the risks associated with deviant password behaviors technique based on the constructs of users’ perceived cybersecurity risk of data breaches resulting from PassWord WorkArounds (PWWA) techniques. Additionally, this study aims to empirically assess significant mean difference between Subject Matter Experts (SMEs) and employees on their perceived cybersecurity risk of data breaches resulting from the deviant password behaviors and frequency of PWWA techniques usage.
Included in
Information Security Commons, Management Information Systems Commons, Technology and Innovation Commons
TOWARDS ASSESSING PASSWORD WORKAROUNDS AND PERCEIVED RISK TO DATA BREACHES FOR ORGANIZATIONAL CYBERSECURITY RISK MANAGEMENT TAXONOMY
Online Zoom Session
Cybersecurity involves a broad range of techniques, including cyber-physical, managerial, and technical, while authentication provides a layer of protection for Information Systems (IS) against data breaches. The recent COVID-19 pandemic brought a tsunami of data breach incidents worldwide. Authentication serves as a mechanism for IS against unauthorized access utilizing various defense techniques, with the most popular and frequently used technique being passwords. However, the dramatic increase of user accounts over the past few decades has exposed the realization that technological measures alone cannot ensure high level of IS security; this leaves the end-users holding a critical role in protecting their organization and personal information. Despite users being more aware of password entropy, users still often participate in deviant password behaviors also known as ‘password workarounds’ or ‘shadow security’. These deviant password behaviors can put individuals and organizations at risk resulting in data privacy issues, data loss, and ultimately a data breach incident. In this paper, we outline a research-in-progress study to build a risk taxonomy for organizations based on the to identify the risks associated with deviant password behaviors technique based on the constructs of users’ perceived cybersecurity risk of data breaches resulting from PassWord WorkArounds (PWWA) techniques. Additionally, this study aims to empirically assess significant mean difference between Subject Matter Experts (SMEs) and employees on their perceived cybersecurity risk of data breaches resulting from the deviant password behaviors and frequency of PWWA techniques usage.
Comments
Keywords: Cybersecurity risk, cybersecurity management, password workarounds, shadow security, risk to data breach, cyber risk taxonomy.