Toggle Main Menu Toggle Search

Open Access padlockePrints

A Stealth Approach to Usable Security: Helping IT Security Managers to Identify Workable Security Solutions

Lookup NU author(s): Dr Simon Parkin, Professor Aad van Moorsel

Downloads


Abstract

Recent strides in usability research have produced various solutions to assist computer users during interactions with IT security mechanisms. However, the usability concerns of users within organisations are not considered or simply not apparent to the one individual who can effect change, the IT security manager. Ideally these concerns would resonate with the IT security manager, and here we explore how that can be realised, through the design of a password policy decision-support tool. During two 2-hour sessions, 3 IT security managers discussed with us our mock-up prototypes and a range of potential usage scenarios (e.g. cloud-based password-cracking attacks and “hot desking” initiatives). We find that the experience of the end-user is currently not appropriately represented within the IT security manager’s decision-making process, where the financial costs/benefits and business impacts of information security controls are foremost. Our tool design process elicits findings to help develop mechanisms to visualise these tradeoffs.


Publication metadata

Author(s): Parkin S, van Moorsel A, Inglesant P, Sasse MA

Publication type: Report

Publication status: Published

Series Title: School of Computing Science Technical Report Series

Year: 2010

Pages: 18

Print publication date: 01/07/2010

Source Publication Date: July 2010

Report Number: 1209

Institution: School of Computing Science, University of Newcastle upon Tyne

Place Published: Newcastle upon Tyne

URL: http://www.cs.ncl.ac.uk/publications/trs/papers/1209.pdf


Share