Based on the organizational privacy policy, the system should provide for mechanisms for the adjustment of the level of disclosure that the users are comfortable with and that the organization is willing to accept. Although an ideal level of security is preferred, it may be expensive to achieve; a lower-cost solution that provides an acceptable, if not ideal, level of security may be preferred (Du and Zhan 2002). Moreover, the users may not be willing to disclose information
Kaul | Dissertation | ADAPTATION OF SECURITY THEORY: RE-THEORIZING OF THE BINDPOINT
MODEL 173
to the level of detail required by the system. Therefore, requiring disclosure of limited information about the private data for better performance is often acceptable in practice (Du and Zhan 2002). For example, in statistical disclosure control, individually identifying information can be protected against recognition of subjects while still providing as much information as possible under these restrictions (Willenborg and De Waal 2001). The system design could also provide the option of a default minimum state of system for unsecure access with minimum/basic functionality and/or access to information or data that does not require secure access.
Further, the design must provide that the decision regarding acceptable security is a choice for both the user and the organization. In this way, both parties to the bindpoint computation have the option to select a threshold level of risk that they are comfortable with; then, the computation permits a go/no-go decision. Thus, the organizational system could provide selected levels of availability into the system based on confidentiality and security requirements, matched against the level of information that the user or their device settings are willing to share in order to be permitted entry.
Du and Zhan (2002) provide a model for acceptable security that is shown in Figure 14 below. In the context of the bindpoint model for BYOD security, the design rule would provide for a level of security that was acceptable to both the entities connecting at the bindpoint. The “ideal security,” then, is the tradeoff between the levels of access that the organization can provide balanced against the tradeoff that the individual is willing to make in terms of surrendering his or her privacy or control over the individual system to the organization in order to be able to access the organizational system (Smith et al. 2011). This tradeoff would allow for a staggered form of access and availability to the individual, who would not have to completely relinquish personal information and control to the organization. The model for this negotiated and acceptable level of security that is adapted from the Du and Zhan (2002) model is presented below in Figure 15.
Figure 14: Model of Acceptable Security from Du and Zhan (2002)
Figure 15: Bindpoint Model of Acceptable Security – Adapted from Du and Zhan (2002)
One of the concerns that the bindpoint model raised was the issue of individual privacy. Participants felt that the process of security computation required the provision of detailed information attributes pertaining to the technology being used in order for the bindpoint access to be computed. As one search conference participant pointed out:
I was going to say, the level of intimacy that the person has with the resource provider. You know, you ask my employer, what are the different attributes about me? If I set up, sign up from a stray mail account, mail dot com, do I really want to give them (the organization) more other than my password? Do they really need my intimate information?
There was a level of discomfort in not knowing which attributes related to their personal technology would be captured in order for the organizational information system to grant access to the connectivity.
I think the point you’re making, which is a critical one, is how does this affect the privacy on the individual’s side? Because in order for this to work, you got to have all that stuff exposed—because you don’t know what it's going to be. So if you don’t know what it is, it all has to be available, which then opens up the issue of privacy.
Moreover, participants were quite uncomfortable with the potential misuse of such information in the future. They were concerned that in the world of “big data,” the personal information that they shared in the form of information attributes related to the connection between the individual and organizational system might somehow be mined, raising privacy concerns.
And, it’ll be amazing how much personal information is out there on you already. And that’s what, in the back of my mind, I’m always thinking, “I’m leaving a nugget of information over here on the web, over here … And they’re data mining it … if someone’s data mining it. I know he’s over here now, and he’s over here now. They could stitch it all together.
Therefore, by providing the option of an acceptable level of security, the organization will allow individuals to make an educated decision in regard to information-sharing versus the level of access they are permitted.
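The go/no-go computation and staggered access described under this rule can be sketched as follows. This is an added illustration, not code from the dissertation; the tier names and attribute names are assumptions chosen for the example. It also shows one answer to the participants' privacy concern: only the attributes required by the granted tier are disclosed, not everything the user would be willing to share.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tier:
    name: str
    required: frozenset  # attributes the organization needs before granting this tier


# Constructed policy, ordered from least to most access. Tier and attribute
# names are hypothetical; the dissertation does not enumerate them.
ORG_TIERS = [
    Tier("public", frozenset()),  # default minimum state: no disclosure needed
    Tier("email", frozenset({"password"})),
    Tier("intranet", frozenset({"password", "os_patch_level"})),
    Tier("confidential", frozenset({"password", "os_patch_level",
                                    "disk_encryption", "installed_apps"})),
]


def negotiate(user_willing, requested, tiers=ORG_TIERS):
    """Match what the user will disclose against what each tier requires.

    Returns the go/no-go decision for the requested tier, the highest tier
    (up to the requested one) that both sides accept, the attributes actually
    disclosed for that tier, and what is still missing for the requested tier.
    """
    willing = frozenset(user_willing)
    names = [t.name for t in tiers]
    if requested not in names:
        raise ValueError(f"unknown tier: {requested}")
    cap = names.index(requested)
    target = tiers[cap]

    granted = None
    for tier in tiers[:cap + 1]:
        if tier.required <= willing:  # user accepts every attribute this tier needs
            granted = tier

    return {
        "go": granted is target,
        "granted": granted.name if granted else None,
        # Data minimization: disclose only what the granted tier requires.
        "disclosed": sorted(granted.required) if granted else [],
        "missing": sorted(target.required - willing),
    }
```

A no-go result still carries a fallback tier and the list of missing attributes, which is the information a user needs to decide whether to share more or accept less access.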
Rule 6: Establish and adhere to minimum required performance standards. Even in