Is Usability an Obstacle for Information Systems Security?

Laura Zapata, Ana Mª Moreno, Eduardo Fernandez-Medina

Abstract

Keeping information systems secure is costly. Organizations allocate financial and human resources in order to prevent security incidents having an impact on software applications. There is evidence that information systems security has in some cases been affected by human errors that might be caused by a poor usability design. There is clearly a link between security and usability. To clarify this, we have conducted a systematic mapping study of the literature produced over the last decade.We identified five relationship types: inverse, direct, relative, one-way inverse, and no-relationship. Most authors agree that there is an inverse relationship between security and usability, which means that increasing usability leads to a decrease in security issues in a product and vice versa. However, this is not a unanimous finding, and this study unveils a number of open questions, like application domain dependency and the need to explore lower level relationships between attribute sub-characteristics.

References

  1. Ben-asher, N., Meyer, J., Parmet, Y., Moeller, S., Englert, R.: An Experimental System for Studying the Tradeoff between Usability and Security. International Conference on Availability, Reliability and Security (2009)
  2. Australian Government0s Department of Defence: Preparing for and Responding to Cyber Security Incidents. (2012) [Online] Available from: http://www.dsd.gov.au/ publications/csocprotect/preparing for cyber incidents.htm.[Accessed 5th April 2013]
  3. The Microsoft Security TechCenter: Responding to IT Security Incidents. (no date) [Online] Available from: http://technet.microsoft.com/enus/library/cc875825.aspx. [Accessed 5th April 2013]
  4. Braz, C., Seffah, A., M0Raihi, D.: Designing a Trade-off between Usability and Security: A Metrics Based-Model. Springer volume 4663, (2007) 114-126
  5. Cranor, L., Garfinkel, S.: Security and Usability Designing Secure Systems that People Can Use. INTERNATIONAL Journal of Computers and Communications Issue 1, OReilly Media. (2005)
  6. ISO/IEC, 2011, ISO/IEC 25010, Software Product Quality Requirements and Evaluation (SQuaRE) Quality Models for Software Product Quality and System Quality in use. International Standard. Switzerland
  7. ISO 9126-1, 2001, Software engineering Product quality Part 1: Quality model. International Standard. Switzerland.
  8. ISO 9241-11, 1998, Ergonomics of Human System Interaction - Part 11: Guidance on Usability. International Standard. Switzerland.
  9. Petersen, K., Feldt, R., Mujtaba, S., Mattsson, M.: Systematic Mapping Studies in Software Engineering. 12th International Conference on Evaluation and Assessment in Software Engineering, (2008)
Download


Paper Citation


in Harvard Style

Zapata L., Mª Moreno A. and Fernandez-Medina E. (2013). Is Usability an Obstacle for Information Systems Security? . In Proceedings of the 10th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2013) ISBN 978-989-8565-64-8, pages 53-65. DOI: 10.5220/0004602300530065


in Bibtex Style

@conference{wosis13,
author={Laura Zapata and Ana Mª Moreno and Eduardo Fernandez-Medina},
title={Is Usability an Obstacle for Information Systems Security?},
booktitle={Proceedings of the 10th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2013)},
year={2013},
pages={53-65},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004602300530065},
isbn={978-989-8565-64-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 10th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2013)
TI - Is Usability an Obstacle for Information Systems Security?
SN - 978-989-8565-64-8
AU - Zapata L.
AU - Mª Moreno A.
AU - Fernandez-Medina E.
PY - 2013
SP - 53
EP - 65
DO - 10.5220/0004602300530065