User values and the development of a cybersecurity public policy for the IoT

•IoT user values are elicited and converted into objectives, showing key security concerns for IoT use.•IoT user implementation preferences are elicited for the objectives using implementation scenarios.•Individual and Group-based utility functions are calculated demonstrating IoT user policy develo...

Full description

Saved in:
Bibliographic Details
Published in:International journal of information management 2021-02, Vol.56, p.102123, Article 102123
Main Authors: Smith, Kane J., Dhillon, Gurpreet, Carter, Lemuria
Format: Article
Language:English
Subjects:
Cyber security
IoT
Policy planning
Public values
Qualitative research
Strategic objectives
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:•IoT user values are elicited and converted into objectives, showing key security concerns for IoT use.•IoT user implementation preferences are elicited for the objectives using implementation scenarios.•Individual and Group-based utility functions are calculated demonstrating IoT user policy development preference.•Provides policy-makers with critical information needed for decision-making, incorporating user stakeholders in the process.•Develops key theoretically-based objectives for understanding the IoT stakeholder. Public administrators, entrusted to develop public policy to manage the growing complexities of the IoT, face significant challenges. The challenges exist because of three reasons; First, there is a lack of policy direction. Second, user values related to cybersecurity are not well understood. Third, there is a lack of clarity as to how IoT public policy should be developed. In this paper we argue that new IoT policy should be guided by key stakeholder values (i.e. what users think to be important). We utilize the Public Value Forum to elicit public values to inform decision-making surrounding IoT policy by public administrators, conceptually informed by Rational choice theory. We use a five-phase process to introduce the decision context (i.e. the policy problem), define fundamental objectives, rank these objectives, identify value-based trade-offs between them and construct a multi-attribute utility model. The findings indicate several key themes for IoT security from the citizens themselves and decision-making administrators in diverse public agencies developing IoT cybersecurity public policy.
ISSN:0268-4012
1873-4707
DOI:10.1016/j.ijinfomgt.2020.102123