论文信息 - Users are not the enemy

Users are not the enemy

Many system security departments treat users as a security risk to be controlled. The general consensus is that most users are careless and unmotivated when it comes to system security. In a recent study, we found that users may indeed compromise computer security mechanisms, such as password authentication, both knowing and unknowingly. A closer analysis, however, revealed that such behavior is often caused by the way in which security mechanisms are implemented, and users’ lack of knowledge. We argue that to change this state of affairs, security departments need to communicate more with users, and adopt a usercentered design approach.

M. Angela Sasse | Anne Adams | M. Sasse | A. Adams

[1] J. G. Hollands,et al. Engineering Psychology and Human Performance , 1984 .

[2] Charles Cresson Wood,et al. Security for computer networks : D.W. Davies and W.L. Price New York: John Wiley and Sons, 1984. 386 + xix pages, $19.50 , 1985, Computers & security.

[3] Kai Sorensen,et al. Federal Information Processing Standards Publication , 1985 .

[4] A. M. De Alvare,et al. How crackers crack passwords or what passwords to avoid , 1988 .

[5] C. Wickens. Engineering psychology and human performance, 2nd ed. , 1992 .

[6] Donn B. Parker,et al. Restating the Foundation of Information Security , 1991, SEC.

[7] Pamela Jordan. Basics of qualitative research: Grounded theory procedures and techniques , 1994 .

[8] Warwick Ford,et al. Computer communication security - principles, standard protocols and techniques , 2008 .

[9] Jean Hitchings,et al. Deficiencies of the traditional approach to information security and the requirements for a new methodology , 1995, Comput. Secur..