Flowchart:
Hypothesis: Users that are introducing Internet of Things (IoT) devices onto their home network do so without considering device security. This is not a reflection of negligence, but rather a deficit in understanding their risks. Exposing a group of current IoT adopters to material that reveals vulnerabilities and warns of the personal risks associated with not taking steps to secure the device will find end users are not adequately versed about the security of their IoT devices.
Proposal Outline
Introduction
- Speak to the current landscape of IoT security and inherent security concerns and opportunities
-
- Edu, J. S., Such, J. M., & Suarez-Tangil, G. (2021). Smart Home Personal Assistants: A security and Privacy Review. ACM Computing Surveys, 53(6), 1–36. https://doi.org/10.1145/3412383
This article discusses the personal assistants such as Amazon Alexa and Google Home to identify the security available to the end user. These IoT devices have security concerns inherent in the way that users interact with the devices and it reads apparent in the article that any attempt to secure the devices have been built in as an afterthought. The main challenge discussed in presenting new security measures to these devices is that it can render the device less useful to the user. There is great information presented in the closing that discusses user awareness as an important factor in any security measures and ways to mitigate a reduced usefulness. The information found here serves to support the need for my research by eluding to a general lack of knowledge from the typical consumer when adding these nodes to their home network.
- Edu, J. S., Such, J. M., & Suarez-Tangil, G. (2021). Smart Home Personal Assistants: A security and Privacy Review. ACM Computing Surveys, 53(6), 1–36. https://doi.org/10.1145/3412383
- Contrast this with the adaptive security measures that have taken place since the widespread adoption of the personal computer
-
- Hanus, B., & Wu, Y. A. (2015). Impact of Users’ Security Awareness on Desktop Security Behavior: A Protection Motivation Theory Perspective. Information Systems Management, 33(1), 2–16. https://doi.org/10.1080/10580530.2015.1117842
This article explores user security as it relates to desktop environments. It goes about this is a novel way by focusing leveraging the protection motivation theory to study if threat awareness and/or countermeasure awareness have an impact of user’s desktop security behaviors. Although this specific research focuses on desktop infrastructure and not IoT devices, the theme of user awareness and what effect increases awareness have of user behavior still provided valuable information. The increased user security efficiency found in this article suggest researching users current knowledge set pertaining to their IoT devices would be beneficial. Slightly revised thesis from Week 13 post
- Hanus, B., & Wu, Y. A. (2015). Impact of Users’ Security Awareness on Desktop Security Behavior: A Protection Motivation Theory Perspective. Information Systems Management, 33(1), 2–16. https://doi.org/10.1080/10580530.2015.1117842
- Proposal Hypothesis
Literature Review
- Fintech Solution comparison
- Lim, S. H., Kim, D. J., Hur, Y., & Park, K. (2018). An Empirical Study of the Impacts of Perceived Security and Knowledge on Continuous Intention to Use Mobile Fintech Payment Services. International Journal of Human–Computer Interaction, 35(10), 886–898. https://doi.org/10.1080/10447318.2018.1507132
This study looked to understand and explain the factors that contribute to the continued use of financial technology payment solutions such as Apple Pay. Since this is a newer offering even for IoT devices, one of the main points that this group looked understand is how the perceived security of the services effected a user’s willingness to adopt the new platform. As a side effect of that quest, there is valuable data withing that speaks to a user’s security knowledge, or at least their perception of their own knowledge set. While this study did not test a participant understanding of IoT security it does speak to how their perceived knowledge indirectly relates to their willingness to adopt new useful technologies which is beneficial to comprehending why my question serves an important purpose. Preimesberger, C. (2016). 5 Common Phishing Attacks and 5 Ways Not to Get Hooked. EWeek, 1.
- Lim, S. H., Kim, D. J., Hur, Y., & Park, K. (2018). An Empirical Study of the Impacts of Perceived Security and Knowledge on Continuous Intention to Use Mobile Fintech Payment Services. International Journal of Human–Computer Interaction, 35(10), 886–898. https://doi.org/10.1080/10447318.2018.1507132
- Exploring current efforts to encourage end user awareness and training
- Abawajy, J. (2012). User Preference of Cyber Security Awareness Delivery Methods. Behaviour & Information Technology, 33(3), 237–248. https://doi.org/10.1080/0144929x.2012.708787
This article brings to light the challenges present to an organization’s security hygiene relevant to users. The main vulnerability discussed is phishing which was and still is a major threat to organization’s data. They test several methods of delivering security awareness training to staff in an effort to determine which potentially made the greatest impact. The details of pre-testing and some of the challenges of faced concerning the users growth provide context to my research topic by providing an understanding of a typical users baseline knowledge of security vulnerabilities and what methods are already being implemented to improve this.
- Abawajy, J. (2012). User Preference of Cyber Security Awareness Delivery Methods. Behaviour & Information Technology, 33(3), 237–248. https://doi.org/10.1080/0144929x.2012.708787
Methodology
- Explain method of identifying quality participants
- For the purposes of this study a random sample of consumers that already operate some form of IoT device withing their home would be required
- Explore the relevance of a baseline survey and provide examples
- Engages end users to ponder their responsibilities relevant to their IoT devices
- Overview of the topics addressed during experimental group’s research teachings
- Explore the quantitative survey of all participants
- Seeks to understand what controls typical end users are familiar with
- Will require a self assessment that will allow us to understand how confident they are in their devices currently being secure
- Judge how important security is to the IoT user
Discussion
Explore who the possible findings in the study should influence and potential take-aways
Explore how the information gathered could be leveraged to improve typical end user device security
Explore possible industry shift that could force manufactures and programmers to ensure that device security is a primary concern and not a secondary add-in effort.