Usable set-up of runtime security policies
2007 (English)In: Information Management & Computer Security, ISSN 0968-5227, Vol. 15, no 5, 394-407 p.Article in journal (Refereed) Published
Purpose: This paper aims to present concrete and verified guidelines for enhancing the usability and security of software that delegates security decisions to lay users and captures these user decisions as a security policy.
Design/methodology/approach: This work is an exploratory study. The authors hypothesised that existing tools for runtime set-up of security policies are not sufficient. As this proved true, as shown in earlier work, they apply usability engineering with user studies to advance the state-of-the-art.
Findings: Little effort has been spent on how security policies can be set up by the lay users for whom they are intended. This work identifies what users want and need for a successful runtime set-up of security policies.
Practical implications: Concrete and verified guidelines are provided for designers who are faced with the task of delegating security decisions to lay users.
Originality/value: The devised guidelines focus specifically on the set-up of runtime security policies and therefore on the design of alert windows.
Place, publisher, year, edition, pages
2007. Vol. 15, no 5, 394-407 p.
Business policy, Data security, Internet, Java
IdentifiersURN: urn:nbn:se:liu:diva-14435DOI: 10.1108/09685220710831134OAI: oai:DiVA.org:liu-14435DiVA: diva2:23500
Special Issue of Information Management & Computer Security: Selected Papers from the HAISA 2007 Symposium.2007-04-272007-04-272014-06-24