A quarter century of usable security and privacy research: transparency, tailorability, and the road ahead

Reuter, Christian; Iacono, Luigi Lo; Benlian, Alexander

doi:10.1080/0144929x.2022.2080908

Cited by 14 publications

(5 citation statements)

References 75 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other scholars attempted to review this field of study in academic journal articles. However, many of these contributions lack a systematic approach (e.g., 5,7,8). Accordingly, they do not express the inclusion and exclusion criteria, and the selection of articles is based on the authors' narrative choice.…”

Section: Rationalementioning

confidence: 99%

“…In recent years, many research groups and agencies have addressed the balance between security and usability, particularly after the increase in Internet use (including smart working and e-commerce) stemming from the COVID-19 pandemic and a related significant increase in cyberattacks [5][6][7][8][9][10]. Contributions to this area are variegated.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Usable Security: A Systematic Literature Review

Di Nocera,

Tempestini,

Orsini

2023

Information

View full text Add to dashboard Cite

Usable security involves designing security measures that accommodate users’ needs and behaviors. Balancing usability and security poses challenges: the more secure the systems, the less usable they will be. On the contrary, more usable systems will be less secure. Numerous studies have addressed this balance. These studies, spanning psychology and computer science/engineering, contribute diverse perspectives, necessitating a systematic review to understand strategies and findings in this area. This systematic literature review examined articles on usable security from 2005 to 2022. A total of 55 research studies were selected after evaluation. The studies have been broadly categorized into four main clusters, each addressing different aspects: (1) usability of authentication methods, (2) helping security developers improve usability, (3) design strategies for influencing user security behavior, and (4) formal models for usable security evaluation. Based on this review, we report that the field’s current state reveals a certain immaturity, with studies tending toward system comparisons rather than establishing robust design guidelines based on a thorough analysis of user behavior. A common theoretical and methodological background is one of the main areas for improvement in this area of research. Moreover, the absence of requirements for Usable security in almost all development contexts greatly discourages implementing good practices since the earlier stages of development.

show abstract

Section: Rationalementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Usable Security: A Systematic Literature Review

Di Nocera,

Tempestini,

Orsini

2023

Information

View full text Add to dashboard Cite

show abstract

“…Cybersecurity is a concern for all organizations. Much has been written about technical solutions and how to incent end-users to adopt strong security practices (Reuter et al , 2022; Hirschprung et al , 2020), developers and software engineers security practices (Naiakshina, 2019; Ploger et al , 2021), and or external penetration (Lee, 2021; Alzaqebah et al , 2023), but minimally regarding the impact of fatigue in cybersecurity response (Chen et al , 2022). Organizations have devoted their resources to address cybersecurity issues focus on endpoints and networks (Hansen, 2022) are limited to partial solutions (Pharris and Perez-Mira, 2022) or educating the end-user (Chowdhury et al , 2019; Chowdhury et al , 2022), but have overlooked a core component of the organization and its systems, the ERP.…”

Section: Introductionmentioning

confidence: 99%

“…To apply the vendor-generated patches in the enterprise the focus is different. In the enterprise, the focus is on end-users or end-points (Reuter et al , 2022; Hirschprung et al , 2020; Naiakshina, 2019; Ploger et al , 2021), but the patches are left to a myriad of different parts of the organizations to apply (Meyer and Lambert, 2007; Clarke, 2023). In many cases the user organization or the ERP Manager may not responsible for patch application, but not integral to cybersecurity management (Defossez and Arpino, 2022), creating conflicting objectives within the enterprise.…”

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Lost in the middle – a pragmatic approach for ERP managers to prioritize known vulnerabilities by applying classification and regression trees (CART)

Mathieu,

Turovlin

2023

ICS

View full text Add to dashboard Cite

Purpose Cyber risk has significantly increased over the past twenty years. In many organizations, data and operations are managed through a complex technology stack underpinned by an Enterprise Resource Planning (ERP) system such as systemanalyse programmentwicklung (SAP). The ERP environment by itself can be overwhelming for a typical ERP Manager, coupled with increasing cybersecurity issues that arise creating periods of intense time pressure, stress and workload, increasing risk to the organization. This paper aims to identify a pragmatic approach to prioritize vulnerabilities for the ERP Manager. Design/methodology/approach Applying attention-based theory, a pragmatic approach is developed to prioritize an organization’s response to the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) vulnerabilities using a Classification and Regression Tree (CART). Findings The application of classification and regression tree (CART) to the National Institute of Standards and Technology’s National Vulnerability Database identifies prioritization unavailable within the NIST’s categorization. Practical implications The ERP Manager is a role between technology, functionality, centralized control and organization data. Without CART, vulnerabilities are left to a reactive approach, subject to overwhelming situations due to intense time pressure, stress and workload. Originality/value To the best of the authors’ knowledge, this work is original and has not been published elsewhere, nor is it currently under consideration for publication elsewhere. CART has previously not been applied to the prioritizing cybersecurity vulnerabilities.

show abstract

The Concept of Usable Privacy and Information Security

Ruiz Ben,

Scholl

2023

Usable Privacy and Security in Online Public Services

View full text Add to dashboard Cite

A quarter century of usable security and privacy research: transparency, tailorability, and the road ahead

Cited by 14 publications

References 75 publications

Usable Security: A Systematic Literature Review

Usable Security: A Systematic Literature Review

Lost in the middle – a pragmatic approach for ERP managers to prioritize known vulnerabilities by applying classification and regression trees (CART)

The Concept of Usable Privacy and Information Security

Contact Info

Product

Resources

About