Security and Privacy as Hygiene Factors of Developer Behavior in Small and Agile Teams

  • Kai-Uwe Loser
  • Martin Degeling
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 431)

Abstract

User motivations are often considered in human computer relations. The analysis of developer behavior often lacks this perspective. Herzberg’s distinction of motivators and hygiene factors adds a level for the analyses of those sociotechnical phenomena that lead to skipping of security and privacy requirements especially in agile development projects. Requirements of security and privacy are not considered nice-to-have, but as necessary hygiene factors of systems attractiveness, motivation for extra effort is low with respect to those requirements. The motivators for developers – functionality that makes a system special and which is valued by customers and users are dominant for the decisions about priorities of development – hygiene factors like many security requirements get a lower priority. In this paper we introduce this theory with relation to known problems of (agile) development projects with respect to implementing security and privacy. We present this with a case study of mobile app development in a research project that we analyzed by security and privacy aspects.

Keywords

security and privacy agile development Herzberg’s theory motivation 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Herzberg, F., Mausner, B., Snyderman, B.B.: Motivation to work. Transaction Publishers (1959)Google Scholar
  2. 2.
    Herzberg, F.: The motivation-hygiene concept and problems of manpower. Pers. Adm. (1964)Google Scholar
  3. 3.
    Miner, J.B.: Organizational Behavior 2: Essential Theories of Process and Structure. M.E. Sharpe (2005)Google Scholar
  4. 4.
    Bassett-Jones, N., Lloyd, G.C.: Does Herzberg’s motivation theory have staying power? J. Manag. Dev. 24, 929–943 (2005)CrossRefGoogle Scholar
  5. 5.
    Hassenzahl, M.: Experience Design. Technology for All the Right Reasons. Morgan and Claypool, Penn State University (2010)Google Scholar
  6. 6.
    Crompton, J.L.: Adapting Herzberg: A conceptualization of the effects of hygiene and motivator attributes on perceptions of event quality. J. Travel Res. 41, 305–310 (2003)CrossRefGoogle Scholar
  7. 7.
    Hansen, M.: Top 10 Mistakes in System Design from a Privacy Perspective and Privacy Protection Goals. In: Camenisch, J., Crispo, B., Fischer-Hübner, S., Leenes, R., Russello, G. (eds.) Privacy and Identity Management for Life. IFIP AICT, vol. 375, pp. 14–31. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  8. 8.
    Rost, M., Pfitzmann, A.: Datenschutz-Schutzziele—revisited. Datenschutz Datensicherheit 33, 353–358 (2009)CrossRefGoogle Scholar
  9. 9.
    Sodiya, A.S., Onashoga, S.A., Ajayi, O.B.: Towards building secure software systems. Issues Informing Sci. Inf. Technol. 3 (2006)Google Scholar
  10. 10.
    McGraw, G.: From the ground up: The DIMACS software security workshop. Secur. Priv. IEEE 1, 59–66 (2003)Google Scholar
  11. 11.
    Anderson, R.: Security engineering: a guide to building dependable distributed systems. Wiley, Indianapolis (2008)Google Scholar
  12. 12.
    Siponen, M., Baskerville, R., Kuivalainen, T.: Integrating Security into Agile Development Methods. In: Proceedings of the 38th Annual Hawaii International Conference on System Sciences, HICSS 2005, p. 185a (2005)Google Scholar
  13. 13.
    Boström, G., Wäyrynen, J., Bodén, M., Beznosov, K., Kruchten, P.: Extending XP practices to support security requirements engineering. Presented at the (2006)Google Scholar
  14. 14.
    Beznosov, K., Kruchten, P.: Towards agile security assurance. In: Proceedings of the 2004 Workshop on New Security Paradigms, pp. 47–54 (2004)Google Scholar
  15. 15.
    Spiekermann, S., Cranor, L.F.: Engineering Privacy. IEEE Trans. Softw. Eng. 35, 67–82 (2009)CrossRefGoogle Scholar
  16. 16.
    Degeling, M., Ackema, R.: D9.1 User studies on privacy needs, privacy model and privacy guidelines (2011)Google Scholar
  17. 17.
    Higgins, T.: Promotion and Prevention: Regulatory Focus as a Motivational Principle. Advances in Experimental Social Psychology. Academic Press (1998)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2014

Authors and Affiliations

  • Kai-Uwe Loser
    • 1
  • Martin Degeling
    • 1
  1. 1.Institute of Work ScienceRuhr-UniversityBochumGermany

Personalised recommendations