UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

Lacking the Tools and Support to Fix Friction: Results from an Interview Study with Security Managers

Hielscher, Jonas; Schöps, Markus; Menges, Uta; Gutfleisch, Marco; Helbling, Mirko; Sasse, M Angela; (2023) Lacking the Tools and Support to Fix Friction: Results from an Interview Study with Security Managers. In: Proceedings of the 19th Symposium on Usable Privacy and Security, SOUPS 2023. (pp. pp. 131-150). USENIX: ANAHEIM, CA, USA. Green open access

[thumbnail of soups2023-hielscher.pdf]
Preview
Text
soups2023-hielscher.pdf - Accepted Version

Download (320kB) | Preview

Abstract

Security managers often perceive employees as the key vulnerability in organizations when it comes to security threats, and complain that employees do not follow secure behaviors defined by their security policies and mechanisms. Research has shown, however, that security often interferes with employees primary job function, causing friction and reducing productivity – so when employees circumvent security measures, it is to protect their own productivity, and that of the organization. In this study, we explore to what extent security managers are aware of the friction their security measures cause, if they are aware of usable security methods and tools they could apply to reduce friction, and if they have tried to apply them. We conducted 14 semi-structured interviews with experienced security managers (CISOs and security consultants, with an average 20 years experience) to investigate how security friction is dealt with in organizations. The results of the interviews show security managers are aware that security friction is a significant problem that often reduces productivity and increases the organization’s vulnerability. They are also able to identify underlying causes, but are unable to tackle them because the organizations prioritize compliance with relevant external standards, which leaves no place for friction considerations. Given these blockers to reducing security friction in organizations, we identify a number of possible ways forward, such as: including embedding usable security in regulations and norms, developing positive key performance indicators (KPIs) for usable security measures, training security managers, and incorporating usability aspects into the daily processes to ensure security frictionless work routines for everyone.

Type: Proceedings paper
Title: Lacking the Tools and Support to Fix Friction: Results from an Interview Study with Security Managers
Event: Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023)
Open access status: An open access version is available from UCL Discovery
Publisher version: https://www.usenix.org/conference/soups2023/presen...
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/10185015
Downloads since deposit
8Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item