Recent advances in usable security research have produced many new security mechanisms that improve usability, yet few of them have been adopted in practice. In most organisations, IT security managers choose security policies and mechanisms, and they appear to do so without considering usability: they weigh the risk reduction and business impact of information security controls, but not the impact those controls have on users. Rather than trying to remind security managers of usability, we present a new paradigm, a stealth approach that folds the effect of security controls on users' productivity and willingness to comply into the business-impact and risk-reduction assessments these managers already make. During two 2-hour sessions, 3 IT security managers discussed with us mock-up tool prototypes that embody these principles, alongside a range of potential usage scenarios (e.g. cloud-based password-cracking attacks and "hot-desking" initiatives). The findings from this tool design process are intended to inform mechanisms that visualise these trade-offs.