Skip to main content
SpringerLink
Log in

Refining the Understanding of Usable Security

  • Conference paper
  • First Online:
HCI for Cybersecurity, Privacy and Trust (HCII 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14045))

Included in the following conference series:

  • 841 Accesses

Abstract

Cybersecurity technologies and processes must be usable if users are to make effective use of protection. Many security practitioners accept the value of usable security, but few can precisely define it in practice and in terms of how it influences users’ security behaviour and the wider security culture in organisations. This paper investigates how different sources characterise usability and usable security to identify the key aspects that affect usability and determine the degree to which usability aspects are relevant in cybersecurity. This has resulted in a definition of usable security and a framework that supports the cybersecurity community’s efforts to make security more usable. The motivation for examining the definitions of usable security in detail is to characterise the potential linkage between usable security and the wider security culture within an organization (with the usability of the technology being a factor that could clearly help or impede the acceptance and operation of security, and therefore impact the related culture). The study suggests that, to some degree, the cybersecurity community is catching up with notions that the HCI field has understood for longer. The lack of consistency in defining usable security motivates the proposal of a working definition. Furthermore, a primary outcome of assessing the usability and usable security studies is establishing a framework of usable security, integrating the key aspects identified in the literature. The proposed framework offers a mechanism for operationalising usable security by incorporating principles from both IT/HCI and cybersecurity perspectives.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Verizon: 2022 Data Breach Investigations Report. https://www.verizon.com/business/resources/reports/dbir/. Accessed 10 July 2022

  2. Nielsen, J.: Usability 101: Introduction to Usability (2012). https://www.nngroup.com/articles/usability-101-introduction-to-usability/

  3. Nielsen, J.: Usability Engineering. Morgan Kaufmann (1993)

    Google Scholar 

  4. Quesenbery, W.: Using the 5Es to Understand Users - Whitney Interactive Design. WQusability - Whitney Quesenbery (n.d.). https://www.wqusability.com/articles/getting-started.html. Accessed 15 Feb 2022

  5. ISO. Ergonomics of human-system interaction—Part 11: Usability: Definitions and concepts (2018). https://www.iso.org/obp/ui/#iso:std:iso:9241:-11:ed-2:v1:en

  6. Abran, A., Khelifi, A., Suryn, W., Seffah, A.: Usability meanings and interpretations in ISO standards. Softw. Qual. J. 11(4), 325–338 (2003)

    Article  Google Scholar 

  7. Bevan, N., Macleod, M.: Usability measurement in context. Behav. Inf. Technol. 13(1–2), 132–145 (1994)

    Article  Google Scholar 

  8. Bevan, N., Kirakowskib, J., Maissela, J.: What is usability. In: Proceedings of the 4th International Conference on HCI. Citeseer (1991)

    Google Scholar 

  9. Constantine, L.L., Lockwood, L.A.: Software for Use: A Practical Guide to the Models and Methods of Usage-Centered Design. Pearson Education (1999)

    Google Scholar 

  10. Eason, K.D.: Information Technology and Organizational Change. CRC Press (1989)

    Google Scholar 

  11. European Commission. Usability. Internal Market, Industry, Entrepreneurship and SMEs. https://ec.europa.eu/growth/sectors/tourism/business-portal/usability_en. Accessed 17 Feb 2022

  12. Edwards, M.: Exploring Human-Computer Interaction. HP (2018). https://www.hp.com/us-en/shop/tech-takes/exploring-human-computer-interaction. Accessed 15 Feb 2022

  13. Gould, J.D., Lewis, C.: Designing for usability: key principles and what designers think. Commun. ACM 28(3), 300–311 (1985)

    Article  Google Scholar 

  14. HHS and GSA: The Research-Based Web Design & Usability Guidelines, Enlarged/Expanded edition. U.S. Government Printing Office. https://www.usability.gov/what-and-why/usability-evaluation.html. Accessed 31 Jan 2022

  15. Holzinger, A.: Usability engineering methods for software developers. Commun. ACM 48(1), 71–74 (2005)

    Article  Google Scholar 

  16. IBM. User Experience. Usability (2008). https://www-03.ibm.com/services/ca/en/mobility/offerings_userexperience_usability.html#:~:text=Usability%20is%20the%20discipline%20of,error%20tolerant%2C%20and%20subjectively%20pleasing. Accessed 15 Feb 2022

  17. IEEE. IEEE Standard Glossary of Software Engineering Terminology (1990). https://ieeexplore.ieee.org/document/159342/definitions#definitions. Accessed 27 Feb 2022

  18. IEEE. Usability and Accessibility (2022). https://brand-experience.ieee.org/guidelines/digital/style-guide/usability-and-accessibility/. Accessed 27 Feb 2022

  19. Interaction Design Foundation. Usability (2022). https://www.interaction-design.org/literature/topics/usability#:~:text=Usability%20is%20a%20measure%20of,deliverable%E2%80%94to%20ensure%20maximum%20usability. Accessed 27 Feb 2022

  20. HFES. Human Readiness Level Scale in the System Development Process (2021)

    Google Scholar 

  21. ANSI. Ergonomics of Human-System Interaction - Part 11: Usability: Definitions and Concepts (2022). https://webstore.ansi.org/standards/iso/iso9241112018?_ga=2.3299568.111955288.1644355252-1926938011.1644355252. Accessed 20 Feb 2022

  22. BSI, Ergonomics of human-system interaction - Usability: Definitions and concepts. https://shop.bsigroup.com/products/ergonomics-of-human-system-interaction-usability-definitions-and-concepts/tracked-changes. Accessed 20 Feb 2022

  23. Jordan, P.W., Thomas, B., McClelland, I.L., Weerdmeester, B.: Usability Evaluation in Industry. CRC Press (1996)

    Google Scholar 

  24. IEC. Usability (2018). https://www.electropedia.org/iev/iev.nsf/display?openform&ievref=871-01-08. Accessed 15 Feb 2022

  25. Krug, S.: Don’t Make Me Think!: A Common Sense Approach to Web Usability. Pearson Education India (2000)

    Google Scholar 

  26. Microsoft, Usability in Software Design (2019). https://docs.microsoft.com/en-us/windows/win32/appuistart/usability-in-software-design#defining-usability. Accessed 11 Feb 2022

  27. Preece, J.: A Guide to Usability: Human Factors in Computing. Addison-Wesley Longman Publishing Co., Inc. (1993)

    Google Scholar 

  28. Schumacher, R.M., Lowry, S.Z., Schumacher, R.M.: NIST guide to the processes approach for improving the usability of electronic health records. US Department of Commerce, National Institute of Standards and Technology (2010)

    Google Scholar 

  29. Shackel, B.: Usability-context, framework, definition, design and evaluation. Interact. Comput. 21, 339–346 (2009)

    Article  Google Scholar 

  30. Sharp, H., Rogers, Y., Preece, J.: Interaction design: beyond human-computer interaction (2019)

    Google Scholar 

  31. Shneiderman, B., Plaisant, C.: Designing the User Interface: Strategies for Effective Human-Computer Interaction. Pearson Education India (2010)

    Google Scholar 

  32. Usability Professionals Association (2010). What is Usability? https://www.usabilitybok.org/what-is-usability. Accessed 15 Feb 2022

  33. Usability.gov. Glossary: Usability. https://www.usability.gov/what-and-why/glossary/u/index.html. Accessed 15 Feb 2022

  34. Weichbroth, P.: Usability of mobile applications: a systematic literature study. IEEE Access 8, 55563–55577 (2020)

    Article  Google Scholar 

  35. Davies, J.: Word Cloud Generator. https://www.jasondavies.com/wordcloud/. Accessed 25 May 2022

  36. Caputo, D., Pfleeger, S., Sasse, M., Ammann, P., Offutt, J., Deng, L.: Barriers to usable security? Three organizational case studies. IEEE Secur. Priv. 14, 22–32 (2016)

    Article  Google Scholar 

  37. Zurko, M., Simon, R.: User-centered security. In: Proceedings of the 1996 Workshop on New Security Paradigms (1996)

    Google Scholar 

  38. Theofanos, M.: Is usable security an oxymoron? IEEE Comput. 53(2), 71–74 (2020)

    Article  Google Scholar 

  39. Johnston, J., Eloff, J.H., Labuschagne, L.: Security and human computer interfaces. Comput. Secur. 22(8), 675–684 (2003)

    Article  Google Scholar 

  40. Saltzer, J., Schroeder, M.: A proteção de informação em sistemas de computador. Proc. IEEE 63(9), 1278–1308 (1975)

    Article  Google Scholar 

  41. Whitten, A., Tygar, J.: Why Johnny can’t encrypt: a usability evaluation of PGP 5.0. In: USENIX Security Symposium (1999)

    Google Scholar 

  42. Hof, H.-J.: User-centric IT security-how to design usable security mechanisms. arXiv preprint arXiv:1506.07167 (2015)

  43. Nurse, J., Creese, S., Goldsmith, M., Lamberts, K.: Guidelines for usable cybersecurity: past and present. In: Third International Workshop on Cyberspace Safety and Security (CSS) (2011)

    Google Scholar 

  44. Yee, K.-P.: User interaction design for secure systems. In: Deng, R., Bao, F., Zhou, J., Qing, S. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 278–290. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-36159-6_24

    Chapter  Google Scholar 

  45. Mahfuth, A., Yussof, S., Baker, A., Ali, N.: A systematic literature review: Information security culture. In: 2017 International Conference on Research and Innovation in Information Systems (ICRIIS). IEEE (2017)

    Google Scholar 

  46. AlHogail, A., Mirza, A.: Information security culture: a definition and a literature review. In: 2014 World Congress on Computer Applications and Information Systems (WCCAIS). IEEE (2014)

    Google Scholar 

  47. Da Veiga, A., Astakhova, L., Botha, A., Herselman, M.: Defining organisational information security culture—perspectives from academia and industry. Comput. Secur. (2020)

    Google Scholar 

  48. Uchendu, B., Nurse, J., Bada, M., Furnell, S.: Developing a cyber security culture: current practices and future needs. Comput. Secur. 109, 102387 (2021)

    Article  Google Scholar 

  49. Bada, M.: Stakeholder Analysis: Motives, Needs, and Drivers for Cybersecurity Awareness Training in Modern Work Environments, in AwareGO (2022)

    Google Scholar 

  50. Chen, Y., Ramamurthy, K., Wen, K.-W.: Impacts of comprehensive information security programs on information security culture. J. Comput. Inf. Syst. 55(3), 11–19 (2015)

    Google Scholar 

  51. Furnell, S., Rajendran, A.: Understanding the influences on information security behaviour. Comput. Fraud Secur. 12–15 (2012)

    Google Scholar 

  52. Padayachee, K.: Taxonomy of compliant information security behavior. Comput. Secur. 673–680 (2012)

    Google Scholar 

  53. Hassan, N., Ismail, Z.: A conceptual model for investigating factors influencing information security culture in healthcare environment. Procedia-Soc. Behav. Sci. 1007–1012 (2012)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science, University of Nottingham, Nottingham, UK

    Wesam Fallatah, Steven Furnell & Ying He

Authors
  1. Wesam Fallatah
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Steven Furnell
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ying He
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Wesam Fallatah .

Editor information

Editors and Affiliations

  1. San Jose State University, San Jose, CA, USA

    Abbas Moallem

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Fallatah, W., Furnell, S., He, Y. (2023). Refining the Understanding of Usable Security. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2023. Lecture Notes in Computer Science, vol 14045. Springer, Cham. https://doi.org/10.1007/978-3-031-35822-7_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-35822-7_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-35821-0

  • Online ISBN: 978-3-031-35822-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation