Additional searches providing added insight, annotated bibliographies, and thesis

Uncategorized, , , ,
geralt / Pixabay

Searches

This week I performed a few new searches with terms that I found reoccurring in articles that I have found over the past several weeks to see if I could possibly find new relevant research to further my understanding of what answers are currently available pertaining to my research topic, “What do consumers understand about the steps required to secure their IoT devices?”

The first search that I performed was in that Applied Science & Technology Abstracts database. I performed a basic search for “Data Protection” AND “User” while limiting the results to Full Text and Peer Reviewed articles, 47 results were returned. The results were generally relevant and from this search I found one article, “Smart Home Personal Assistants: A security and privacy review” (annotated below), that was particularly pertinent to my research question.

The next search that I performed was against the Library, Information Science & Technology Abstracts database. I performed a basic search for “User Security” while limiting the results to Full Text and Peer Reviewed articles, 31 results were returned. The results were quite on point with my research goal, and I was able to quickly find 2 new articles that were relevant to me. Those include “Always connected, but are smart mobile users getting more security savvy? A survey of smart mobile device users” and “Impact of Users’ Security Awareness on Desktop Security Behavior: A Protection Motivation Theory Perspective” (both annotated below).

The third search that I performed was in the Computer Source database. I performed a basic search for “User security” AND “Internet of Things” while limiting the results to Full Text and Peer Reviewed articles, 4 results were returned. Although the results size was limited and a couple of the articles did not pertain to my prompt, I did find “An Empirical Study of the Impacts of Perceived Security and Knowledge on Continuous Intention to Use Mobile Fintech Payment Services” (annotated below) which lends itself very well to supporting one facet of IoT device security, which is securing financial transactions.

The fourth search that I performed was in the Computer Science Collection database. I performed a basic search for “User Security” AND “Data Protection” which generated 817 results. This was with results limited to Full Text and Peer Reviewed articles. I revised the search to also include “Internet of Things” as a subject term which refined the results to 36. These results were generally useful and I located one article that directly pertains to my question, “What security features and crime prevention advice is communicated in consumer IoT device manuals and support pages?”

Blythe, J. M., Sombatruang, N., & Johnson, S. D. (2019). What security features and crime prevention advice is communicated in consumer IoT device manuals and support pages? Journal of Cybersecurity, 5(1). https://doi.org/10.1093/cybsec/tyz005

The fifth search that I made was on the Computer Science database. I performed a common search for “Data security” AND “Consumer” while limiting the results to Full Text and Peer Reviewed articles, 37 results were returned. While the result of this query did produce many articles that I feel could align with my research, one stuck out to me that provided some new novel information.

Wolf, F., Kuber, R., & Aviv, A. J. (2018). An empirical study examining the perceptions and behaviours of security-conscious users of mobile authentication. Behaviour & Information Technology, 37(4), 320–334. https://doi.org/10.1080/0144929x.2018.1436591

Through all the searches that I performed this week the common theme was that I utilized recurring terms that I found in other articles that I had already located that provided insight of the current body of knowledge on my subject. That said, as I’ve read through these new articles, I’ve started to notice even more trending phrased, “Human factor” for instance, that I believe could produce additional articles relevant to my study. So in a manner of speaking, I feel that there is still more to be found and my queries have not reached a point of saturation.

Thesis

In the current landscape of small user computing devices becoming a more integral part of daily routines, understanding how and why those devices can put a typical user at risk is important. Internet of Things (IoT) devices have become common in many households and their benefit to a typical consumer have already been realized. These devices can range anywhere from a thermostat that controls a home’s air conditioning system, sensors in your refrigerator that can report usage and tell you when you when to purchase a new water filter, to the smart personal assistance, such as Amazon Alexa, that can control many facets of your life and even order goods online simply with a voice command. As more and more of these devices start to surface in homes it is paramount to understand that they also present an attack surface for malicious hackers that seek to compromise them for a variety of goals. At this point I feel that it is incumbent of the consumer to be actively engaged in securing these devices, but that requires a certain level of acumen that may not be inherent for a typical user. Every successful initiative must start somewhere though, and I see the first step is the get a baseline understanding of what the typical consumer understanding is. This research looks to address the question what do consumers understand about the steps required to secure their IoT devices?

Annotated Bibliographies

Unable to paste with hanging indents, please excuse formatting.

Abawajy, J. (2012). User Preference of Cyber Security Awareness Delivery Methods. Behaviour & Information Technology, 33(3), 237–248. https://doi.org/10.1080/0144929x.2012.708787
This article brings to light the challenges present to an organization’s security hygiene relevant to users. The main vulnerability discussed is phishing which was and still is a major threat to organization’s data. They test several methods of delivering security awareness training to staff in an effort to determine which potentially made the greatest impact. The details of pre-testing and some of the challenges of faced concerning the users growth provide context to my research topic by providing an understanding of a typical users baseline knowledge of security vulnerabilities and what methods are already being implemented to improve this.

Edu, J. S., Such, J. M., & Suarez-Tangil, G. (2021). Smart Home Personal Assistants: A security and Privacy Review. ACM Computing Surveys, 53(6), 1–36. https://doi.org/10.1145/3412383
This article discusses the personal assistants such as Amazon Alexa and Google Home to identify the security available to the end user. These IoT devices have security concerns inherent in the way that users interact with the devices and it reads apparent in the article that any attempt to secure the devices have been built in as an afterthought. The main challenge discussed in presenting new security measures to these devices is that it can render the device less useful to the user. There is great information presented in the closing that discusses user awareness as an important factor in any security measures and ways to mitigate a reduced usefulness. The information found here serves to support the need for my research by eluding to a general lack of knowledge from the typical consumer when adding these nodes to their home network.

Hanus, B., & Wu, Y. A. (2015). Impact of Users’ Security Awareness on Desktop Security Behavior: A Protection Motivation Theory Perspective. Information Systems Management, 33(1), 2–16. https://doi.org/10.1080/10580530.2015.1117842
This article explores user security as it relates to desktop environments. It goes about this is a novel way by focusing leveraging the protection motivation theory to study if threat awareness and/or countermeasure awareness have an impact of user’s desktop security behaviors. Although this specific research focuses on desktop infrastructure and not IoT devices, the theme of user awareness and what effect increases awareness have of user behavior still provided valuable information. The increased user security efficiency found in this article suggest researching users current knowledge set pertaining to their IoT devices would be beneficial.

Imgraben, J., Engelbrecht, A., & Choo, K. K. R. (2014). Always connected, but are smart mobile users getting more security savvy? A survey of smart mobile device users. Behaviour & Information Technology, 33(12), 1347–1360. https://doi.org/10.1080/0144929x.2014.934286
This survey investigated a group on smart phone user’s security knowledge and perception of their personal data’s value to would be attackers. The perspective that they gained in their study found that most IoT users do not perceive security as a primary concern and undervalue their own identity as they feel it would not be of value to malicious attackers. The topic of this paper is in direct correlation to the question that I hope to explore. On top of gaining a deeper understanding of consumer’s security activities and knowledge they also propose various measures to increase consumer’s security hygiene.

Lim, S. H., Kim, D. J., Hur, Y., & Park, K. (2018). An Empirical Study of the Impacts of Perceived Security and Knowledge on Continuous Intention to Use Mobile Fintech Payment Services. International Journal of Human–Computer Interaction, 35(10), 886–898. https://doi.org/10.1080/10447318.2018.1507132
This study looked to understand and explain the factors that contribute to the continued use of financial technology payment solutions such as Apple Pay. Since this is a newer offering even for IoT devices, one of the main points that this group looked understand is how the perceived security of the services effected a user’s willingness to adopt the new platform. As a side effect of that quest, there is valuable data withing that speaks to a user’s security knowledge, or at least their perception of their own knowledge set. While this study did not test a participant understanding of IoT security it does speak to how their perceived knowledge indirectly relates to their willingness to adopt new useful technologies which is beneficial to comprehending why my question serves an important purpose.

 

About Mark Ray

I am a middle aged man trying to find my way in an increasingly complex world. Despite the ever-changing landscape of life, I commonly find myself projecting a stoic reminder to colleagues and classmates that you only get something out of it if you give back. Find humor in the common and purpose in adversity, then let the cards fall where they may.

Leave a Reply

Your email address will not be published. Required fields are marked *