Refine
Document Type
- Article (4) (remove)
Language
- English (4)
Has Fulltext
- yes (4)
Is part of the Bibliography
- no (4)
Keywords
- APCO (1)
- Anonymity Services (1)
- IUIPC (1)
- Internet Users’ Information Privacy Concerns (1)
- Pokémon Go (1)
- Privacy Concerns (1)
- Risk Beliefs (1)
- Trust Beliefs (1)
- bounded rationality (1)
- cloud service provider (1)
- explainability (1)
- interpretability (1)
- machine learning (1)
- mobile augmented reality applications (1)
- nostalgia (1)
- positivity bias (1)
- privacy concerns (1)
- privacy preference (1)
- privacy setting (1)
- risk assessment (1)
- security assessment (1)
- security self-assessment (1)
Institute
- Wirtschaftswissenschaften (4) (remove)
Security has become one of the primary factors that cloud customers consider when they select a cloud provider for migrating their data and applications into the Cloud. To this end, the Cloud Security Alliance (CSA) has provided the Consensus Assessment Questionnaire (CAIQ), which consists of a set of questions that providers should answer to document which security controls their cloud offerings support. In this paper, we adopted an empirical approach to investigate whether the CAIQ facilitates the comparison and ranking of the security offered by competitive cloud providers. We conducted an empirical study to investigate if comparing and ranking the security posture of a cloud provider based on CAIQ’s answers is feasible in practice. Since the study revealed that manually comparing and ranking cloud providers based on the CAIQ is too time-consuming, we designed an approach that semi-automates the selection of cloud providers based on CAIQ. The approach uses the providers’ answers to the CAIQ to assign a value to the different security capabilities of cloud providers. Tenants have to prioritize their security requirements. With that input, our approach uses an Analytical Hierarchy Process (AHP) to rank the providers’ security based on their capabilities and the tenants’ requirements. Our implementation shows that this approach is computationally feasible and once the providers’ answers to the CAIQ are assessed, they can be used for multiple CSP selections. To the best of our knowledge this is the first approach for cloud provider selection that provides a way to assess the security posture of a cloud provider in practice.
Privacy concerns as well as trust and risk beliefs are important factors that can influence users’ decision to use a service. One popular model that integrates these factors is relating the Internet Users Information Privacy Concerns (IUIPC) construct to trust and risk beliefs. However, studies haven’t yet applied it to a privacy enhancing technology (PET) such as an anonymization service. Therefore, we conducted a survey among 416 users of the anonymization service JonDonym [1] and collected 141 complete questionnaires. We rely on the IUIPC construct and the related trust-risk model and show that it needs to be adapted for the case of PETs. In addition, we extend the original causal model by including trust beliefs in the anonymization service provider and show that they have a significant effect on the actual use behavior of the PET.
When requesting a web-based service, users often fail in setting the website’s privacy settings according to their self privacy preferences. Being overwhelmed by the choice of preferences, a lack of knowledge of related technologies or unawareness of the own privacy preferences are just some reasons why users tend to struggle. To address all these problems, privacy setting prediction tools are particularly well-suited. Such tools aim to lower the burden to set privacy preferences according to owners’ privacy preferences. To be in line with the increased demand for explainability and interpretability by regulatory obligations – such as the General Data Protection Regulation (GDPR) in Europe – in this paper an explainable model for default privacy setting prediction is introduced. Compared to the previous work we present an improved feature selection, increased interpretability of each step in model design and enhanced evaluation metrics to better identify weaknesses in the model’s design before it goes into production. As a result, we aim to provide an explainable and transparent tool for default privacy setting prediction which users easily understand and are therefore more likely to use.
Pokémon Go is one of the most successful mobile games of all time. Millions played and still play this mobile augmented reality (AR) application, although severe privacy issues are pervasive in the app due to its use of several sensors such as location data and camera. In general, individuals regularly use online services and mobile apps although they might know that the use is associated with high privacy risks. This seemingly contradictory behavior of users is analyzed from a variety of different perspectives in the information systems domain. One of these perspectives evaluates privacy-related decision making processes based on concepts from behavioral economics. We follow this line of work by empirically testing one exemplary extraneous factor within the “enhanced APCO model” (antecedents–privacy concerns–outcome). Specific empirical tests on such biases are rare in the literature which is why we propose and empirically analyze the extraneous influence of a positivity bias. In our case, we hypothesize that the bias is induced by childhood brand nostalgia towards the Pokémon franchise. We analyze our proposition in the context of an online survey with 418 active players of the game. Our results indicate that childhood brand nostalgia influences the privacy calculus by exerting a large effect on the benefits within the trade-off and, therefore, causing a higher use frequency. Our work shows two important implications. First, the behavioral economics perspective on privacy provides additional insights relative to previous research. However, the effects of several other biases and heuristics have to be tested in future work. Second, relying on nostalgia represents an important, but also double-edged, instrument for practitioners to market new services and applications.