UCL logo

UCL Discovery

UCL home » Library Services » Electronic resources » UCL Discovery

A stealth approach to usable security: Helping IT security managers to identify workable security solutions

Parkin, S; Van Moorsel, A; Inglesant, P; Sasse, MA; (2010) A stealth approach to usable security: Helping IT security managers to identify workable security solutions. In: Proceedings New Security Paradigms Workshop. (pp. 33 - 49). ACM Green open access

[img] PDF
Parkin_et_al._-_2010_-_A_Stealth_Approach_to_Usable_Security_Helping_IT-preprint.pdf

Download (555kB)

Abstract

Recent advances in the research of usable security have produced many new security mechanisms that improve usability. However, these mechanisms have not been widely adopted in practice. In most organisations, IT security managers decide on security policies and mechanisms, seemingly without considering usability. IT security managers consider risk reduction and the business impact of information security controls, but not the impact that controls have on users. Rather than trying to remind security managers of usability, we present a new paradigm -- a stealth approach which incorporates the impact of security controls on users' productivity and willingness to comply into business impact and risk reduction. During two 2-hour sessions, 3 IT security managers discussed with us mock-up tool prototypes that embody these principles, alongside a range of potential usage scenarios (e.g. cloud-based password-cracking attacks and "hot-desking" initiatives). Our tool design process elicits findings to help develop mechanisms to visualise these tradeoffs.

Type: Proceedings paper
Title: A stealth approach to usable security: Helping IT security managers to identify workable security solutions
Event: New Security Paradigms Workshop 2010
ISBN-13: 9781450304153
Open access status: An open access version is available from UCL Discovery
DOI: 10.1145/1900546.1900553
Publisher version: http://dx.doi.org/10.1145/1900546.1900553
Language: English
Additional information: "© ACM 2010. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in Proceedings of the 2010 workshop on New security paradigms Pages, http://dx.doi.org/10.1145/1900546.1900553."
UCL classification: UCL > School of BEAMS > Faculty of Engineering Science > Computer Science
URI: http://discovery.ucl.ac.uk/id/eprint/119057
Downloads since deposit
65Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item