Human Factors in Security Research: Lessons Learned from 2008-2018
Instead of only considering technology, computer security research now
strives to also take into account the human factor by studying regular users
and, to a lesser extent, experts like operators and developers of systems. We
focus our analysis on the research on the crucial population of experts, whose
human errors can impact many systems at once, and compare it to research on
regular users. To understand how far we advanced in the area of human factors,
how the field can further mature, and to provide a point of reference for
researchers new to this field, we analyzed the past decade of human factors
research in security and privacy, identifying 557 relevant publications. Of
these, we found 48 publications focused on expert users and analyzed all in
depth. For additional insights, we compare them to a stratified sample of 48
end-user studies.
In this paper we investigate:
(i) The perspective on human factors, and how we can learn from safety science
(ii) Who the participants are and how they are recruited, and how this, as we find, creates a western-centric perspective
(iii) Research objectives, and how to align these with the chosen research methods
(iv) How theories can be used to increase rigor in the community's scientific work, including limitations to the use of Grounded Theory, which is often incompletely applied
(v) How researchers handle ethical implications, and what we can do to account for them more consistently
Although our literature review has limitations, new insights were revealed
and avenues for further research identified.