Reducing Unauthorized Access by Insiders through User Interface Design: Making End Users Accountable | IEEE Conference Publication | IEEE Xplore

Abstract:

A long-time tenet of information security is the principle of least privilege, which requires that systems users be given the minimum amount of access privilege required to complete a task. However, many financial, medical, and customer records systems grant employees broad access for reasons of practical necessity. Unfortunately, with broad access rights comes potential for abuse. This paper investigates how user interface design features of a system can be designed to make end users feel more accountable for their actions in the system and less likely to abuse their access rights. To do so, we developed a factorial survey to determine the effects of user interface design features relating to three aspects of accountability: (1) identifiability, (2) evaluation, and (3) social presence. The results of the factorial survey show that the accountability design features significantly reduced intention to commit unauthorized access.
Date of Conference: 04-07 January 2012
Date Added to IEEE Xplore: 09 February 2012
Conference Location: Maui, HI, USA

1. Introduction

A long-standing tenet of information security is the principle of least privilege, the concept that “every privileged user of the system should operate using the least amount of privilege necessary to complete the job” [42, p. 389]. However, many medical, financial, and personnel records systems are intentionally deployed with seemingly little regard for this principle. Rather than limiting access to specific areas, end users of these systems are given broad access to information.
