Trading off usability and security in user interface design through mental models

ABSTRACT The aim of this paper is to establish the foundations for developing a mental model that bridges the gap between usability and security in user-centred designs. To this end, a meta-model has been developed to align design features with the users’ requirements through tacit knowledge elicitation. The meta-model describes the combinatorial relationships of Security, Usability and Mental (SUM) and how these components can be used to design a usable and secure system. The SUM meta-model led to the conclusion that there is no antagonism between usability and security. However, the degree of usable security depends on the ability of the designer to capture and implement the user’s tacit knowledge. In fact, the SUM meta-model seeks to dilute the trade-off effects between security and usability through the compensating synergism of tacit knowledge. A usability-security cognitive map has been developed for the major constituents of usability and security to clarify their interactions and their influences on the meta-model stipulations. The three intersecting areas of the three components’ relationships are manipulated to expand the Optimal Equilibrium Solution (OES) (δ) expanse. To put the SUM meta-model into practice, knowledge management principles have been proposed for implementing user-centred security and user-centred design. This is accomplished by using collaborative brainpower from various knowledge constellations to design a system within the user’s current and future perception boundaries. Therefore, different knowledge groups, processes, techniques, tactics and practices have been proposed for knowledge transfer and transformation during the mental model development.
