Authors
E. Eugene Schultz, Robert W. Proctor, Mei-Ching Lien, Gavriel Salvendy
Abstract
In the modern multi-user computer environment, Internet-capable network servers provide connectivity that allows a large portion of the user population to access information at the desktop from sources around the world. Because of the ease with which information can be accessed, computer security breaches may occur unless systems and restricted information stored therein are kept secure. Breaches of security can have serious consequences, including theft of confidential corporate documents, compromise of intellectual property, unauthorized modification of systems and data, denial of service, and others. Considerable research has been conducted on threats to security.
Numerous sophisticated security methods have been developed, many of which rely on individuals to implement and use them. However, these methods may not accomplish their intended objectives if they are not used properly. Despite the apparent influence of usability, surprisingly little research has been conducted on the trade-off between usability and the degree of security provided by various information security methods. In the present paper, we review the various information security methods that are used, appraise the usability issues, and develop a taxonomy to organize these issues. The intent is to make a strong case for the need for systematic usability analyses and for the development of usability metrics for information security.