Incorporating the human facet of security in developing systems and services. (12th August 2020)
- Record Type:
- Journal Article
- Title:
- Incorporating the human facet of security in developing systems and services. (12th August 2020)
- Main Title:
- Incorporating the human facet of security in developing systems and services
- Authors:
- Naqvi, Bilal
Clarke, Nathan
Porras, Jari - Abstract:
- Abstract : Purpose: The purpose of this paper is to present an integrative framework for handling the security and usability conflicts during the system development lifecycle. The framework has been formulated while considering key concerns raised after conducting a series of interviews with practitioners from the industry. The framework is aimed at assisting system designers and developers in making reasonably accurate choices when it comes to the trade-offs between security and usability. The outcomes of using the framework are documented as design patterns, which are disseminated among the community of system designers and developers for use in other but similar contexts. Design/methodology/approach: A design science research approach was used to develop the integrative framework for usable security. Interviews were conducted for identification of the key concerns; however, the framework was validated during a workshop. Moreover, to validate the patterns' template and the usable security pattern identified after instantiating the framework, a survey instrument was used. Findings: It is important to consider the usability aspect in the development of security systems; otherwise, the systems, despite being secure against attacks, would be susceptible to user mistakes leading to compromises. It is worthwhile to handle usable security concerns right from the start of system development life cycle. Design patterns can help the developers in assessing the usability of theirAbstract : Purpose: The purpose of this paper is to present an integrative framework for handling the security and usability conflicts during the system development lifecycle. The framework has been formulated while considering key concerns raised after conducting a series of interviews with practitioners from the industry. The framework is aimed at assisting system designers and developers in making reasonably accurate choices when it comes to the trade-offs between security and usability. The outcomes of using the framework are documented as design patterns, which are disseminated among the community of system designers and developers for use in other but similar contexts. Design/methodology/approach: A design science research approach was used to develop the integrative framework for usable security. Interviews were conducted for identification of the key concerns; however, the framework was validated during a workshop. Moreover, to validate the patterns' template and the usable security pattern identified after instantiating the framework, a survey instrument was used. Findings: It is important to consider the usability aspect in the development of security systems; otherwise, the systems, despite being secure against attacks, would be susceptible to user mistakes leading to compromises. It is worthwhile to handle usable security concerns right from the start of system development life cycle. Design patterns can help the developers in assessing the usability of their security options. Practical implications: Practical implications: The framework would assist the designers and developers in handling the security and usability conflicts right from the start of the system development life cycle. The patterns documented after using the framework would help not only the designers and developers working in the industry but also freelancers. Originality/value: The authors present a novel framework to handle the security and usability conflicts during the system development life cycle. The development process of the framework was driven by the concerns raised after a series of interviews with the practitioners from industry. The framework presented in this paper was validated during a workshop in which it was exposed for review and comments by the participants from the industry. To demonstrate the use of patterns in general and the framework in particular, a case study featuring smart grids from the domain of cyber-physical systems is presented, which (to the best of the authors' knowledge) features the first work relevant to usable security in the domain of cyber-physical systems. … (more)
- Is Part Of:
- Information and computer security. Volume 29:Number 1(2021)
- Journal:
- Information and computer security
- Issue:
- Volume 29:Number 1(2021)
- Issue Display:
- Volume 29, Issue 1 (2021)
- Year:
- 2021
- Volume:
- 29
- Issue:
- 1
- Issue Sort Value:
- 2021-0029-0001-0000
- Page Start:
- 49
- Page End:
- 72
- Publication Date:
- 2020-08-12
- Subjects:
- Usable security -- Patterns -- Usability -- Security -- Framework -- Cyber-physical systems -- Design science research
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47 - Journal URLs:
- http://www.emeraldinsight.com/loi/ics ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/ICS-11-2019-0130 ↗
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 22453.xml