Hielscher, Jonas; Schöps, Markus; Menges, Uta; Gutfleisch, Marco; Helbling, Mirko; Sasse, M Angela; (2023) Lacking the Tools and Support to Fix Friction: Results from an Interview Study with Security Managers. In: Proceedings of the 19th Symposium on Usable Privacy and Security, SOUPS 2023. (pp. 131-150). USENIX: Anaheim, CA, USA.
Abstract
Security managers often perceive employees as the key vulnerability in organizations when it comes to security threats, and complain that employees do not follow secure behaviors defined by their security policies and mechanisms. Research has shown, however, that security often interferes with employees’ primary job function, causing friction and reducing productivity – so when employees circumvent security measures, it is to protect their own productivity, and that of the organization. In this study, we explore to what extent security managers are aware of the friction their security measures cause, if they are aware of usable security methods and tools they could apply to reduce friction, and if they have tried to apply them. We conducted 14 semi-structured interviews with experienced security managers (CISOs and security consultants, with an average of 20 years’ experience) to investigate how security friction is dealt with in organizations. The results of the interviews show security managers are aware that security friction is a significant problem that often reduces productivity and increases the organization’s vulnerability. They are also able to identify underlying causes, but are unable to tackle them because the organizations prioritize compliance with relevant external standards, which leaves no place for friction considerations. Given these blockers to reducing security friction in organizations, we identify a number of possible ways forward, such as embedding usable security in regulations and norms, developing positive key performance indicators (KPIs) for usable security measures, training security managers, and incorporating usability aspects into the daily processes to ensure security frictionless work routines for everyone.
Type: | Proceedings paper |
---|---|
Title: | Lacking the Tools and Support to Fix Friction: Results from an Interview Study with Security Managers |
Event: | Nineteenth Symposium on Usable Privacy and Security (SOUPS 2023) |
Open access status: | An open access version is available from UCL Discovery |
Publisher version: | https://www.usenix.org/conference/soups2023/presen... |
Language: | English |
Additional information: | This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. |
UCL classification: | UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
URI: | https://discovery.ucl.ac.uk/id/eprint/10185015 |