Skip to content
Licensed Unlicensed Requires Authentication Published by Oldenbourg Wissenschaftsverlag August 16, 2016

Usable Security – Results from a Field Study

Luigi Lo Iacono, Hoai Viet Nguyen and Hartmut Schmitt
From the journal i-com

Abstract

Security has evolved into an essential quality factor of software systems. However, security features in software applications are often time-consuming, error-prone and too complicated for common users. This is mainly due to a limited consideration and integration of usability. As a consequence, users either circumvent security features or do not utilize them at all. Usable security is an advanced quality topic and an important research area of software systems. This area combines usability and security with the objective of making the use of security features in software effective, efficient and satisfying. In order to meet this challenge, the research project USecureD aims at supporting small and medium-sized enterprises (SMEs) in facilitating the selection and incorporation of usable security by developing, evaluating and collecting principles, guidelines, patterns and tools for merging usability and security engineering. During the initiation phase of the USecureD project, an online study (N = 118) in conjunction with 10 interviews and 2 workshops have been conducted in order to identify the relevance and requirements of usability, security and usable security with a specific focus on SMEs. The obtained results are presented and derived implications are discussed in this paper.

Acknowledgment

The USecureD project is funded by the Federal Ministry for Economic Affairs and Energy (BMWi) under project number 01MU14002. The authors would like to thank Jasmin Niess for her constructive comments which helped a lot to improve the readability of the paper.

References

[1] Garfinkel, S. L.; Lipford, H. R.: Usable Security: History, Themes, and Challenges. Synthesis Lectures on Information Security, Morgan & Claypool Publishers, 2014.10.2200/S00594ED1V01Y201408SPT011Search in Google Scholar

[2] Garfinkel, S. L.; Margrave, D.: Schiller, J. I.; Nordlander, E.; Miller, R. C.: How to make secure email easier to use. Conference on Human Factors in Computing Systems (SIGCHI), 2005.Search in Google Scholar

[3] Kapadia, A.: A Case (Study) For Usability in Secure Email Communication. IEEE Security & Privacy, Volume 5, 2007.10.1109/MSP.2007.25Search in Google Scholar

[4] Li, Q.; Clark C.: Mobile Security: A Look Ahead. IEEE Security & Privacy, Volume 11, 2013.10.1109/MSP.2013.15Search in Google Scholar

[5] Nguyen, H. V.; Lo Iacono, L.: Auswertung der Online-Studie. USecureD-Deliverable, 2016. Online available at: https://www.usecured.de/UseWP/wp-content/uploads/2015/04/USecureD-Anforderungsanalyse-Online-Studienergebnisse-V.1.pdf.Search in Google Scholar

[6] Schmitt, H.: Anforderungsanalyse (Interviewergebnisse). USecureD-Deliverable, 2016. Online available at: https://www.usecured.de/UseWP/wp-content/uploads/2016/02/USecureD-Anforderungsanalyse-Interviewergebnisse-V.1.pdf.Search in Google Scholar

[7] Toxboe, A.: User Interface Design patterns, 2016. Online available at: http://ui-patterns.com.Search in Google Scholar

[8] U. S. Department of Health & Human Services: HHS Web Standards and Usability Guidelines, 2016. Online available at: http://webstandards.hhs.gov.Search in Google Scholar

[9] van Welie, M.: A Pattern Library for Interaction Design, 2008. Online available at: http://www.welie.com.Search in Google Scholar

[10] Whitten, A.; Tygar, J. D.: Why Johnny can’t encrypt: a usability evaluation of PGP 5.0. 8th Usenix Security Symposium, 1999.Search in Google Scholar

[11] Yee, K.-P.: Aligning security and usability. IEEE Security & Privacy, Volume 2, 2004.10.1109/MSP.2004.64Search in Google Scholar

Published Online: 2016-08-16
Published in Print: 2016-08-01

© 2016 Walter de Gruyter GmbH, Berlin/Boston