Incorporating the human facet of security in developing systems and services

Author:

Naqvi Bilal, Clarke Nathan, Porras Jari

Abstract

Purpose: The purpose of this paper is to present an integrative framework for handling the security and usability conflicts during the system development lifecycle. The framework has been formulated while considering key concerns raised after conducting a series of interviews with practitioners from the industry. The framework is aimed at assisting system designers and developers in making reasonably accurate choices when it comes to the trade-offs between security and usability. The outcomes of using the framework are documented as design patterns, which are disseminated among the community of system designers and developers for use in other but similar contexts.

Design/methodology/approach: A design science research approach was used to develop the integrative framework for usable security. Interviews were conducted for identification of the key concerns; however, the framework was validated during a workshop. Moreover, to validate the patterns' template and the usable security pattern identified after instantiating the framework, a survey instrument was used.

Findings: It is important to consider the usability aspect in the development of security systems; otherwise, the systems, despite being secure against attacks, would be susceptible to user mistakes leading to compromises. It is worthwhile to handle usable security concerns right from the start of the system development life cycle. Design patterns can help the developers in assessing the usability of their security options.

Practical implications: The framework would assist the designers and developers in handling the security and usability conflicts right from the start of the system development life cycle. The patterns documented after using the framework would help not only the designers and developers working in the industry but also freelancers.

Originality/value: The authors present a novel framework to handle the security and usability conflicts during the system development life cycle. The development process of the framework was driven by the concerns raised after a series of interviews with the practitioners from industry. The framework presented in this paper was validated during a workshop in which it was exposed for review and comments by the participants from the industry. To demonstrate the use of patterns in general and the framework in particular, a case study featuring smart grids from the domain of cyber-physical systems is presented, which (to the best of the authors' knowledge) features the first work relevant to usable security in the domain of cyber-physical systems.

Publisher

Emerald

Subject

Management of Technology and Innovation, Information Systems and Management, Computer Networks and Communications, Information Systems, Software, Management Information Systems

Cited by 4 articles.

1. Security and Privacy Concerns in Information Usability;2024 IEEE/CVF Winter Conference on Applications of Computer Vision Workshops (WACVW);2024-01-01

2. The Malware Detection Approach in the Design of Mobile Applications;Symmetry;2022-04-19

3. Dissecting the Security and Usability Alignment in the Industry;Human-Centered Software Engineering;2022

4. Coping with Changing Contexts: A Healthcare Security Perspective;Lecture Notes in Computer Science;2022
