Toggle Main Menu Toggle Search

ePrints

A stealth approach to usable security: helping IT security managers to identify workable security solutions

Lookup NU author(s): Dr Simon Parkin, Professor Aad van Moorsel

Downloads

Full text for this publication is not currently held within this repository. Alternative links are provided below where available.


Abstract

Recent advances in the research of usable security have produced many new security mechanisms that improve usability. However, these mechanisms have not been widely adopted in practice. In most organisations, IT security managers decide on security policies and mechanisms, seemingly without considering usability. IT security managers consider risk reduction and the business impact of information security controls, but not the impact that controls have on users. Rather than trying to remind security managers of usability, we present a new paradigm -- a stealth approach which incorporates the impact of security controls on users' productivity and willingness to comply into business impact and risk reduction. During two 2-hour sessions, 3 IT security managers discussed with us mock-up tool prototypes that embody these principles, alongside a range of potential usage scenarios (e.g. cloud-based password-cracking attacks and "hot-desking" initiatives). Our tool design process elicits findings to help develop mechanisms to visualise these tradeoffs.


Publication metadata

Author(s): Parkin S, van Moorsel A, Inglesant P, Sasse MA

Publication type: Conference Proceedings (inc. Abstract)

Conference Name: NSPW 2010: Proceedings of the 2010 Workshop on New Security Paradigms

Year of Conference: 2010

Pages: 33-49

Publisher: ACM

URL: http://dx.doi.org/10.1145/1900546.1900553

DOI: 10.1145/1900546.1900553

Library holdings: Search Newcastle University Library for this item

ISBN: 9781450304153


Actions

Link to this publication


Share