Mismorphism: a Semiotic Model of Computer Security Circumvention (Extended Version)

In real world domains, from healthcare to power to finance, we deploy computer systems intended to streamline and improve the activities of human agents in the corresponding non-cyber worlds. However, talking to actual users (instead of just computer security experts) reveals endemic circumvention of the computer-embedded rules. Good-intentioned users, trying to get their jobs done, systematically work around security and other controls embedded in their IT systems. This paper reports on our work compiling a large corpus of such incidents and developing a model based on semiotic triads to examine security circumvention. This model suggests that mismorphisms---mappings that fail to preserve structure---lie at the heart of circumvention scenarios; differential perceptions and needs explain users\u27 actions. We support this claim with empirical data from the corpus

Telling the market story through organic information interaction design and broadcast media : submitted to the College of Creative Arts as requirement for the degree of Master of Design, Massey University, Wellington, New Zealand, 2007

Interaction Design, which is essentially story-creating and telling, is at once both and ancient art and a new technology. Media have always effected the telling of stories and the creation of experiences. (Shedroff, N., 1994, p. 2) Advances with visual representations within broadcast design have been applied to areas such as weather simulations, sporting events, and historical reconstruction's. However, financial market information presentation is fairly uniform in television news broadcasting, showing little progression in pace with other news information catego­ries. While stock market news segments make limited use of supporting graphics, addi­ tional information that may assist the viewer is filtered out, effecting viewers interest, understanding and decision making process often associated with market related stories. Research to date has been limited to single visualisations. There has been little re­search into the use of multiple information views that are composed to support news presentations. People use many different information sources on a daily basis. News sources are used to stay informed about events, to some sources, viewer evaluation of informa­tion is a part of that process. News information and other data commodity sources are now more accessible, allowing designers to look at ways of transforming them into new or improved information services. This research explores the display of stock market information by looking at ap­propriate media delivery methods combined with Organic Information Interaction Design to enhance information relationships. Organic Design and Information Inter­action Design 1 principles are combined. This denotes a 'living' relationship between elements, incorporating hierarchy principles with enhanced information delivery and user experiences. Four themes are tied together through the use of a conceptual prototype. [FROM INTRO

Gulfs of Expectation: Eliciting and Verifying Differences in Trust Expectations using Personas

Personas are a common tool used in Human Computer Interaction to represent the needs and expectations of a system’s stakeholders, but they are also grounded in large amounts of qualitative data. Our aim is to make use of this data to anticipate the differences between a user persona’s expectations of a system, and the expectations held by its developers. This paper introduces the idea of gulfs of expectation – the gap between the expectations held by a user about a system and its developers, and the expectations held by a developer about the system and its users. By evaluating these differences in expectation against a formal representation of a system, we demonstrate how differences between the anticipated user and developer mental models of the system can be verified. We illustrate this using a case study where persona characteristics were analysed to identify divergent behaviour and potential security breaches as a result of differing trust expectations

Usable Security. A Systematic Literature Review

Usable security involves designing security measures that accommodate users’ needs and behaviors. Balancing usability and security poses challenges: the more secure the systems, the less usable they will be. On the contrary, more usable systems will be less secure. Numerous studies have addressed this balance. These studies, spanning psychology and computer science/engineering, contribute diverse perspectives, necessitating a systematic review to understand strategies and findings in this area. This systematic literature review examined articles on usable security from 2005 to 2022. A total of 55 research studies were selected after evaluation. The studies have been broadly categorized into four main clusters, each addressing different aspects: (1) usability of authentication methods, (2) helping security developers improve usability, (3) design strategies for influencing user security behavior, and (4) formal models for usable security evaluation. Based on this review, we report that the field’s current state reveals a certain immaturity, with studies tending toward system comparisons rather than establishing robust design guidelines based on a thorough analysis of user behavior. A common theoretical and methodological background is one of the main areas for improvement in this area of research. Moreover, the absence of requirements for Usable security in almost all development contexts greatly discourages implementing good practices since the earlier stages of development