Abstract:
This paper explores the effectiveness of usage control deterrents. Usage control enables finer-grained control over the usage of objects
than do traditional access control models. Deterrent controls are intended to discourage individuals from intentionally violating
information security policies or procedures. In this context, an adaptation of usage control is assessed as a proactive means of
deterrence control to protect information that cannot be adequately or reasonably protected by access control. These deterrents are
evaluated using the design science methodology. Parallel prototypes were developed with the aim of producing multiple alternatives,
thereby shifting the focus from purely usability testing to model testing.
