116,173 research outputs found
Towards Enhanced Usability of IT Security Mechanisms - How to Design Usable IT Security Mechanisms Using the Example of Email Encryption
Nowadays, advanced security mechanisms exist to protect data, systems, and
networks. Most of these mechanisms are effective, and security experts can
handle them to achieve a sufficient level of security for any given system.
However, most of these systems have not been designed with focus on good
usability for the average end user. Today, the average end user often struggles
with understanding and using security mecha-nisms. Other security mechanisms
are simply annoying for end users. As the overall security of any system is
only as strong as the weakest link in this system, bad usability of IT security
mechanisms may result in operating errors, resulting in inse-cure systems.
Buying decisions of end users may be affected by the usability of security
mechanisms. Hence, software provid-ers may decide to better have no security
mechanism then one with a bad usability. Usability of IT security mechanisms is
one of the most underestimated properties of applications and sys-tems. Even IT
security itself is often only an afterthought. Hence, usability of security
mechanisms is often the after-thought of an afterthought. This paper presents
some guide-lines that should help software developers to improve end user
usability of security-related mechanisms, and analyzes com-mon applications
based on these guidelines. Based on these guidelines, the usability of email
encryption is analyzed and an email encryption solution with increased
usability is presented. The approach is based on an automated key and trust
man-agement. The compliance of the proposed email encryption solution with the
presented guidelines for usable security mechanisms is evaluated
Security and Online learning: to protect or prohibit
The rapid development of online learning is opening up many new learning opportunities. Yet, with this increased potential come a myriad of risks. Usable security systems are essential as poor usability in security can result in excluding intended users while allowing sensitive data to be released to unacceptable recipients. This chapter presents findings concerned with usability for two security issues: authentication mechanisms and privacy. Usability issues such as memorability, feedback, guidance, context of use and concepts of information ownership are reviewed within various environments. This chapter also reviews the roots of these usability difficulties in the culture clash between the non-user-oriented perspective of security and the information exchange culture of the education domain. Finally an account is provided of how future systems can be developed which maintain security and yet are still usable
Finding and Resolving Security Misusability with Misusability Cases
Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice- versa. One way of using scenarios to bridge security and usability involves explicitly describing how design deci- sions can lead to users inadvertently exploiting vulnera- bilities to carry out their production tasks. This paper describes how misusability cases, scenarios that describe how design decisions may lead to usability problems sub- sequently leading to system misuse, address this problem. We describe the related work upon which misusability cases are based before presenting the approach, and illus- trating its application using a case study example. Finally, we describe some findings from this approach that further inform the design of usable and secure systems
Persistent issues in encryption software: A heuristic and cognitive walkthrough
The support information accompanying security software can be difficult to understand by end-users, who have little knowledge in cyber security. One mechanism for ensuring the integrity and confidentiality of information is encryption software. Unfortunately, software usability issues can hinder an end-userâs capability to properly utilise the security features effectively. To date there has been little research in investigating the usability of encryption software and proposing solutions for improving them. This research paper analysed the usability of encryption software targeting end-users. The research identified several issues that could impede the ability of a novice end-user to adequately utilise the encryption software. A set of proposed recommendations are suggested to improve encryption software which could be empirically verified through further research
- âŠ