Parkin, S;
Epili, S;
(2015)
A technique for using employee perception of security to support usability diagnostics.
In:
2015 Workshop on Socio-Technical Aspects in Security and Trust (STAST).
(pp. pp. 1-8).
IEEE: Verona, Italy.
Preview |
Text
Parkin_A Technique for using Employee Perception of Security to Support Usability Diagnostics _2.pdf Download (462kB) | Preview |
Abstract
Problems of unusable security in organisations are widespread, yet security managers tend not to listen to employees' views on how usable or beneficial security controls are for them in their roles. Here we provide a technique to drive management of security controls using end-user perceptions of security as supporting data. Perception is structured at the point of collection using Analytic Hierarchy Process techniques, where diagnostic rules filter user responses to direct remediation activities, based on recent research in the human factors of information security. The rules can guide user engagement, and support identification of candidate controls to maintain, remove, or learn from. The methodology was incorporated into a prototype dashboard tool, and a preliminary validation conducted through a walk-through consultation with a security manager in a large organisation. It was found that user feedback and suggestions would be useful if they can be structured for review, and that categorising responses would help when revisiting security policies and identifying problem controls.
| Type: | Proceedings paper |
|---|---|
| Title: | A technique for using employee perception of security to support usability diagnostics |
| Event: | 2015 Workshop on Socio-Technical Aspects in Security and Trust (STAST) |
| Open access status: | An open access version is available from UCL Discovery |
| DOI: | 10.1109/STAST.2015.9 |
| Publisher version: | http://dx.doi.org/10.1109/STAST.2015.9 |
| Language: | English |
| Additional information: | Copyright © 2015 IEEE. |
| Keywords: | analytic hierarchy process, human factors of security, information security, security policies |
| UCL classification: | UCL UCL > Provost and Vice Provost Offices UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
| URI: | https://discovery.ucl.ac.uk/id/eprint/1473629 |
Loading...
Loading...Loading...Loading...Archive Staff Only
 |
View Item |
