Kirlappos, I; Sasse, MA; (2014) What usable security really means: Trusting and engaging users. In: Tryfonas, T and Askoxylakis, I, (eds.) Human Aspects of Information Security, Privacy, and Trust: Second International Conference, HAS 2014, Held as Part of HCI International 2014, Heraklion, Crete, Greece, June 22-27, 2014. Proceedings. (pp. 69 - 78). Springer International Publishing: Switzerland.

Preview

Text Kirlappos_What usable security really means-nc.pdf Download (343kB) | Preview

Abstract

Non-compliance with security mechanisms and processes poses a significant risk to organizational security. Current approaches focus on designing systems that restrict user actions to make them 'secure', or providing user interfaces to make security tools 'easy to use'. We argue that an important but often-neglected aspect of compliance is trusting employees to 'do what's right' for security. Previous studies suggest that most employees are intrinsically motivated to behave securely, and that contextual elements of their relationship with the organization provide further motivation to stay secure. Drawing on research on trust, usable security, and economics of information security, we outline how the organization-employee trust relationship can be leveraged by security designers. © 2014 Springer International Publishing.

Download activity - last month

Export as XMLCSVJSON

Download activity - last 12 months

Export as CSVJSONXML

Downloads by country - last 12 months

Export as JSONCSVXML

Archive Staff Only

View Item