Abstract
Cybersecurity technologies and processes must be usable if users are to make effective use of protection. Many security practitioners accept the value of usable security, but few can precisely define it in practice and in terms of how it influences users’ security behaviour and the wider security culture in organisations. This paper investigates how different sources characterise usability and usable security to identify the key aspects that affect usability and determine the degree to which usability aspects are relevant in cybersecurity. This has resulted in a definition of usable security and a framework that supports the cybersecurity community’s efforts to make security more usable. The motivation for examining the definitions of usable security in detail is to characterise the potential linkage between usable security and the wider security culture within an organisation (with the usability of the technology being a factor that could clearly help or impede the acceptance and operation of security, and therefore impact the related culture). The study suggests that, to some degree, the cybersecurity community is catching up with notions that the HCI field has understood for longer. The lack of consistency in defining usable security motivates the proposal of a working definition. Furthermore, a primary outcome of assessing the usability and usable security studies is establishing a framework of usable security, integrating the key aspects identified in the literature. The proposed framework offers a mechanism for operationalising usable security by incorporating principles from both IT/HCI and cybersecurity perspectives.
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Fallatah, W., Furnell, S., He, Y. (2023). Refining the Understanding of Usable Security. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2023. Lecture Notes in Computer Science, vol 14045. Springer, Cham. https://doi.org/10.1007/978-3-031-35822-7_4
DOI: https://doi.org/10.1007/978-3-031-35822-7_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-35821-0
Online ISBN: 978-3-031-35822-7
eBook Packages: Computer Science (R0)