Using Distributed User Interfaces in Collaborative, Secure, and Privacy-Preserving Software Environments

In complex, ad hoc constituted situations, people with different intentions, experiences, and expertise need or want to cooperate to cope with the domain-specific challenges they face. These situations can occur in both a professional and a leisure-life context. Cooperative systems providing enhanced interaction facilities in the user interface (e.g., direct manipulation techniques) could substantially support cooperation especially for geographically distributed cooperating participants. In many cases, sensitive information has to be shared in a common workspace requiring different handling procedures according to the different types of participants involved in these ad hoc processes. This article proposes the use of a common, multilaterally secure distributed user interface to support collaboration for distributed groups of process participants. The system combines a collaborative multipointer system with an anonymous credential security system to provide users with an easy way to share and access information securely, ensuring the privacy of sensitive information communicated in the course of ad hoc processes. Various scenarios representing contrary use cases from three different projects are introduced to derive typical requirements and to show the generality of the proposed system and its core components

Understanding Usability-related Information Security Failures in a Healthcare Context

This research study explores how the nature and type of usability failures impact task performance in a healthcare organization. Healthcare organizations are composed of heterogeneous and disparate information systems intertwined with complex business processes that create many challenges for the users of the system. The manner in which Information Technology systems and products are implemented along with the overlapping intricate tasks the users have pose problems in the area of usability. Usability research primarily focuses on the user interface; therefore, designing a better interface often leaves security in question. When usability failures arise from the incongruence between healthcare task and the technology used in healthcare organizations, the security of information is jeopardized. Hence, the research problem is to understand the nature and types of usability-related security failures and how they can be reduced in a Healthcare Information System. This research used a positivist single case study design with embedded units, to understand the nature and type of usability-related information systems security failures in a Healthcare context. The nature and types of usability failures were identified following a four-step data analysis process that used terms that defined (1) user failures in a large healthcare organization, (2) Task Technology Fit theory, (3) the Confidentiality Integrity and Availability triad of information protection that captured usability-related information system security failures, and (4) by conducting semi-structured interviews with users of the Healthcare Information System capturing and recording their interactions with the usability failure. The captured reported usability-related information system security failures dated back five years within a healthcare organization consisting of a network of 128 medical centers. The evaluation of five years of data and over 8,000 problems reported by healthcare workers allowed this research to identify the misalignment of healthcare task to the technology used, and how the misalignment impacted both information security and user performance. The nature of usability failures were centered on technical controls, however, the cause of the failures was predominately information integrity failures and the unavailability of applications and systems. Usability-related information system security failures are primarily not recognized due to the nature of healthcare task along with the methods healthcare workers use to mitigate such failures by employing workarounds to complete a task. Applying non-technical security controls within the development process provides the clearest path to addressing throughout the organization the captured usability-related information system security failures