A Stealth Approach to Usable Security: Helping IT Security Managers to Identify Workable Security Solutions

NU author(s): Dr Simon Parkin; Professor Aad van Moorsel
Author(s): Parkin S, van Moorsel A, Inglesant P, Sasse MA
Publication type: Report
Series Title: School of Computing Science Technical Report Series
Legacy Date: July 2010
Report Number: 1209
Full text is available for this publication.
Recent strides in usability research have produced various solutions to assist computer users during interactions with IT security mechanisms. However, the usability concerns of users within organisations are not considered or simply not apparent to the one individual who can effect change, the IT security manager. Ideally these concerns would resonate with the IT security manager, and here we explore how that can be realised, through the design of a password policy decision-support tool. During two 2-hour sessions, 3 IT security managers discussed with us our mock-up prototypes and a range of potential usage scenarios (e.g. cloud-based password-cracking attacks and “hot desking” initiatives). We find that the experience of the end-user is currently not appropriately represented within the IT security manager’s decision-making process, where the financial costs/benefits and business impacts of information security controls are foremost. Our tool design process elicits findings to help develop mechanisms to visualise these tradeoffs.
Institution: School of Computing Science, University of Newcastle upon Tyne
Place Published: Newcastle upon Tyne