User-Centered Security Applied on Management

The purpose of this study has been to research how to implement a graphical interface for presenting information security information to management. The major conclusion of the study is that management use this kind of information mainly for financial and strategic matters. Hence the information mus...

Bibliographic Details
Main Author: Bäckström, Johannes
Format: Others
Language: English
Published: Linköpings universitet, Institutionen för datavetenskap 2007
Subjects:
Online Access: http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-8636
id ndltd-UPSALLA1-oai-DiVA.org-liu-8636
record_format oai_dc
spelling ndltd-UPSALLA1-oai-DiVA.org-liu-8636 | 2013-01-08T13:14:20Z | User-Centered Security Applied on Management | eng | Bäckström, Johannes | Linköpings universitet, Institutionen för datavetenskap | Institutionen för datavetenskap | 2007 | User-Centered security management usability interaction design | Cognitive science | Kognitionsforskning | The purpose of this study has been to research how to implement a graphical interface for presenting information security information to management. The major conclusion of the study is that management use this kind of information mainly for financial and strategic matters. Hence the information must be presented in a way that enhances this use of the information. The study also concludes that people act insecure mainly due to: a) Insufficient knowledge of how/why to act secure. b) The users do not want to act secure due to social and organisational factors. To fight the first factor, the management need a tool that helps them to see where to spend their resources. To fight the second factor, the organisation needs to be well educated and the company culture should allow the users to act secure. Three heuristics for the design of information security solutions for management and a design solution for the interface are also presented in the study. The three heuristics are: 1. Provide overview information very early in the program. The ordinary manager does not have the time or the knowledge to make this overview by himself/herself. 2. Do not overwhelm the user. The ordinary management man/woman is not interested in the details of the information security and/or do not have time to read this sort of information. If he or she wants to access the details, he or she is likely to find them (if they are placed in a logical place). 3. Provide information in a way that is common to the manager. Use wordings that the user understands. Provide contextual help for expressions that must be presented in a technical way.
Student thesis | info:eu-repo/semantics/bachelorThesis | text | http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-8636 | application/pdf | info:eu-repo/semantics/openAccess
collection NDLTD
language English
format Others
sources NDLTD
topic User-Centered security management usability interaction design
Cognitive science
Kognitionsforskning
description The purpose of this study has been to research how to implement a graphical interface for presenting information security information to management. The major conclusion of the study is that management use this kind of information mainly for financial and strategic matters. Hence the information must be presented in a way that enhances this use of the information. The study also concludes that people act insecure mainly due to: a) Insufficient knowledge of how/why to act secure. b) The users do not want to act secure due to social and organisational factors. To fight the first factor, the management need a tool that helps them to see where to spend their resources. To fight the second factor, the organisation needs to be well educated and the company culture should allow the users to act secure. Three heuristics for the design of information security solutions for management and a design solution for the interface are also presented in the study. The three heuristics are: 1. Provide overview information very early in the program. The ordinary manager does not have the time or the knowledge to make this overview by himself/herself. 2. Do not overwhelm the user. The ordinary management man/woman is not interested in the details of the information security and/or do not have time to read this sort of information. If he or she wants to access the details, he or she is likely to find them (if they are placed in a logical place). 3. Provide information in a way that is common to the manager. Use wordings that the user understands. Provide contextual help for expressions that must be presented in a technical way.
author Bäckström, Johannes
title User-Centered Security Applied on Management
publisher Linköpings universitet, Institutionen för datavetenskap
publishDate 2007
url http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-8636