UCL  IRIS
Institutional Research Information Service
Publication Detail
A stealth approach to usable security: helping IT security managers to identify workable security solutions
  • Publication Type:
    Conference
  • Authors:
    Parkin S, van Moorsel A, Inglesant P, Sasse MA
  • Publisher:
    ACM Press
  • Publication date:
    2010
  • Place of publication:
    New York, US
  • Pagination:
    33, 49
  • Published proceedings:
    NSPW '10: Proceedings of the 2010 Workshop on New Security Paradigms
  • ISBN-13:
    9781450304153
  • Status:
    Published
  • Keywords:
    Information security, usability, security policies, passwords
  • Notes:
    Workshop took place at Concord, MA, USA between 21-23 September 2010
Abstract
Recent advances in research in usable security have produced many new security mechanisms that are more usable. However, these mechanisms have not been adopted in practice. In most organizations, IT security managers decide on security policies and mechanisms, and they do not seem to consider usability. IT security managers consider risk reduction and the business impact of information security controls, but impact on users is not considered. Rather than trying to remind security managers of usability, we present a new paradigm – a stealth approach which incorporates the impact of security controls on users’ productivity and willingness to comply into business impact and risk reduction. During two 2-hour sessions, 3 IT security managers discussed with us mock-up tool prototypes that embody these principles, alongside a range of potential usage scenarios (e.g. cloud-based password-cracking attacks and “hot-desking” initiatives). Our tool design process elicits findings to help develop mechanisms to visualise these tradeoffs.
UCL Researchers
Author
Dept of Computer Science
Author
Dept of Computer Science