Usable set‐up of runtime security policies-Reference-Cited by-同舟云学术

Usable set‐up of runtime security policies

Published:2007-10-16 Issue:5 Volume:15 Page:394-407
ISSN:0968-5227
Container-title:Information Management & Computer Security
language:en
Short-container-title:

Author:

Herzog Almut,Shahmehri Nahid

Abstract

PurposeThis paper aims to present concrete and verified guidelines for enhancing the usability and security of software that delegates security decisions to lay users and captures these user decisions as a security policy.Design/methodology/approachThis work is an exploratory study. The authors hypothesised that existing tools for runtime set‐up of security policies are not sufficient. As this proved true, as shown in earlier work, they apply usability engineering with user studies to advance the state‐of‐the‐art.FindingsLittle effort has been spent on how security policies can be set up by the lay users for whom they are intended. This work identifies what users want and need for a successful runtime set‐up of security policies.Practical implicationsConcrete and verified guidelines are provided for designers who are faced with the task of delegating security decisions to lay users.Originality/valueThe devised guidelines focus specifically on the set‐up of runtime security policies and therefore on the design of alert windows.

Publisher

Emerald

Subject

Library and Information Sciences,Management Science and Operations Research,Business and International Management,Management Information Systems

Reference27 articles.

1. Brostoff, S., Sasse, M.A., Chadwick, D., Cunningham, J., Mbanaso, U. and Otenko, S. (2005), “‘R‐what?’ development of a role‐based access control policy‐writing tool for e‐scientists”, Software – Practice & Experience, Vol. 35, pp. 835‐56.

2. Damianou, N., Dulay, N., Lupu, E. and Sloman, M. (2001), “The ponder policy specification language”, Proceedings of the International Workshop on Policies for Distributed Systems and Networks (Policy'01), Volume LNCS 1995, Springer, New York, NY, pp. 18‐38.

3. Garfinkel, S.L. (2005), “Design principles and patterns for computer systems that are simultaneously secure and usable”, PhD thesis, Massachusetts Institute of Technology, Cambridge, MA.

4. Gong, L., Ellison, G. and Dageforde, M. (2003), Inside Java 2 Platform Security: Architecture, API Design, and Implementation, 2nd ed., Addison‐Wesley, Reading, MA.

5. Hardee, J.B., West, R. and Mayhorn, C.B. (2006), “To download or not to download: an examination of computer security decision making”, Interactions, Vol. 13 No. 3, pp. 32‐7.

Cited by 5 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Heuristics and Models for Evaluating the Usability of Security Measures;Proceedings of Mensch und Computer 2019;2019-09-08

2. On providing systematized access to consolidated principles, guidelines and patterns for usable security research and development†;Journal of Cybersecurity;2019-01-01

3. A Set of Heuristics for Usable Security and User Authentication;Proceedings of the XVII International Conference on Human Computer Interaction;2016-09-13

4. Evaluating and enriching information and communication technologies compliance frameworks with regard to privacy;Information Management & Computer Security;2013-07-12

5. A canonical analysis of intentional information security breaches by insiders;Information Management & Computer Security;2009-10-09