Article

Security user studies: methodologies and best practices

Authors:

Erika ShehanAuthors Info & Claims

CHI EA '07: CHI '07 Extended Abstracts on Human Factors in Computing Systems

Pages 2833 - 2836

https://doi.org/10.1145/1240866.1241089

Published: 28 April 2007 Publication History

Get Access

Abstract

Interest in usable security -- the research, development, and study of systems that are both usable and secure -- has been growing both in the CHI and information security communities in the past several years. Despite this interest, however, the process of designing and conducting security-related user studies remains extremely difficult. Users deal with security infrequently and irregularly, and most do not notice or care about security until it is missing or broken. Security is rarely a primary goal or task of users, making many traditional HCI evaluation techniques difficult or even impossible to use. This workshop will bring together researchers and practitioners from the HCI and information security communities to explore methodological challenges and best practices for conducting security-related user studies.

References

[1]

Cranor, L. F. Proceedings of the Symposium on Usable Privacy and Security (SOUPS 2005). Pittsburgh, PA, USA. July 6--8, 2005.

Digital Library

Google Scholar

[2]

Dourish, P., Grinter, R. E., Delgado de La Flor, J., and Joseph, M. Security in the Wild: User Strategies for Managing Security as an Everyday, Practical Problem. Personal and Ubiquitous Computing, 8, (2004), 391--401.

Crossref

Google Scholar

[3]

Downs, J. S., Holbrook, M. B., and Cranor, L. F. Decision Strategies and Susceptability to Phishing. Proc. SOUPS 2006, ACM Press (2006), 79--90.

Digital Library

Google Scholar

[4]

Friedman, B., Hurley, D., Howe, D., Felten, E., and Nissenbaum, E. Users' Conceptions of Web Security: A Comparative Study. Ext. Abstracts CHI 2002, ACM Press (2002), 746--747.

Digital Library

Google Scholar

[5]

Gaw, S. and Felten, E. W. Password Management Strategies for Online Accounts. Proc. SOUPS 2006, ACM Press (2006), 44--55.

Digital Library

Google Scholar

[6]

Gaw, S., Felten, E. W., and Fernandez-Kelly, P. Secrecy, Flagging, and Paranoia: Adoption Criteria in Encrypted Email. Proc. CHI 2006, ACM Press (2006), 591--600.

Digital Library

Google Scholar

[7]

Gideon, J., Egelman, S., Cranor, L., and Acquisti, A. Power Strips, Prophylactics, and Privacy, Oh My!. Proc. SOUPS 2006, ACM Press (2006), 133--144.

Digital Library

Google Scholar

[8]

Jagatic, T., Johnson, N., Jakobsson, M., and Menczer, F. Social Phishing. http://informatics.indiana.edu/fil/Net/social_phishing.pdf

Google Scholar

[9]

Patrick, A. S., Long, A. C., and Flinn, S. HCI and Security Systems. Proc. CHI 2003, ACM Press (2003), 1056--1057.

Digital Library

Google Scholar

[10]

Whalen, T. and Inkpen, K. M. Gathering Evidence: Use of Visual Security Cues in Web Browsers. Proc. Graphics Interface 2005, ACM Press (2005), 137--144.

Digital Library

Google Scholar

[11]

Whitten, A. and Tygar, J. D. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. Proc. USENIX 1999, USENIX Press (1999), 169--184.

Digital Library

Google Scholar

[12]

Wu, M., Miller, R. C., and Garfinkel, S. L. Do Security Toolbars Actually Prevent Phishing Attacks? Proc. CHI 2006, ACM Press (2006), 601--610.

Digital Library

Google Scholar

[13]

Wu, M., Miller, R. C., and Little, G. Web Wallet: Preventing Phishing Attacks by Revealing User Intentions. Proc. SOUPS 2006, ACM Press (2006), 102--113.

Digital Library

Google Scholar

Cited By

View all

Distler VFassl MHabib HKrombholz KLenzini GLallemand CKoenig VCranor L(2023)Empirical Research Methods in Usable Privacy and SecurityHuman Factors in Privacy Research10.1007/978-3-031-28643-8_3(29-53)Online publication date: 10-Mar-2023
https://doi.org/10.1007/978-3-031-28643-8_3
Tadic BRohde MRandall DWulf V(2022)Design Evolution of a Tool for Privacy and Security Protection for Activists Online: CyberactivistInternational Journal of Human–Computer Interaction10.1080/10447318.2022.204189439:1(249-271)Online publication date: 17-Apr-2022
https://doi.org/10.1080/10447318.2022.2041894
Distler VFassl MHabib HKrombholz KLenzini GLallemand CCranor LKoenig V(2021)A Systematic Literature Review of Empirical Methods and Risk Representation in Usable Privacy and Security ResearchACM Transactions on Computer-Human Interaction10.1145/346984528:6(1-50)Online publication date: 23-Dec-2021
https://dl.acm.org/doi/10.1145/3469845
Show More Cited By

Index Terms

Security user studies: methodologies and best practices
1. Human-centered computing
  1. Human computer interaction (HCI)
    1. HCI design and evaluation methods

Recommendations

A method for incorporating usable security into computer security courses
SIGCSE '13: Proceeding of the 44th ACM technical symposium on Computer science education

Since human factor security exploits are on the rise, ensuring Usable Security has become extremely important for the overall security of computer systems. However, traditional undergraduate computer security curriculum focuses heavily on technical ...
Securing Sensor to Cloud Ecosystem using Internet of Things (IoT) Security Framework
ICC '16: Proceedings of the International Conference on Internet of things and Cloud Computing

The Internet of things (IoT) refers to every object, which is connected over a network with the ability to transfer data. Users perceive this interaction and connection as useful in their daily life. However any improperly designed and configured ...
Measuring user satisfaction with information security practices

Information security is a major concern of organizational management. Security solutions based on technical aspects alone are insufficient to protect corporate data. Successful information security depends on appropriate user behavior while using ...

Comments

Information & Contributors

Information

Published In

CHI EA '07: CHI '07 Extended Abstracts on Human Factors in Computing Systems

April 2007

1286 pages

ISBN:9781595936424

DOI:10.1145/1240866

Conference Chair:
Mary Beth Rosson
The Pennsylvania State University, USA
,
Program Chair:
David Gilmore
Intel, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 April 2007

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CHI07

Sponsor:

CHI07: CHI Conference on Human Factors in Computing Systems

April 28 - May 3, 2007

CA, San Jose, USA

Acceptance Rates

CHI EA '07 Paper Acceptance Rate 212 of 582 submissions, 36%;

Overall Acceptance Rate 6,164 of 23,696 submissions, 26%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

11
Total Citations
View Citations
923
Total Downloads

Downloads (Last 12 months)29
Downloads (Last 6 weeks)3

Reflects downloads up to 10 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Distler VFassl MHabib HKrombholz KLenzini GLallemand CKoenig VCranor L(2023)Empirical Research Methods in Usable Privacy and SecurityHuman Factors in Privacy Research10.1007/978-3-031-28643-8_3(29-53)Online publication date: 10-Mar-2023
https://doi.org/10.1007/978-3-031-28643-8_3
Tadic BRohde MRandall DWulf V(2022)Design Evolution of a Tool for Privacy and Security Protection for Activists Online: CyberactivistInternational Journal of Human–Computer Interaction10.1080/10447318.2022.204189439:1(249-271)Online publication date: 17-Apr-2022
https://doi.org/10.1080/10447318.2022.2041894
Distler VFassl MHabib HKrombholz KLenzini GLallemand CCranor LKoenig V(2021)A Systematic Literature Review of Empirical Methods and Risk Representation in Usable Privacy and Security ResearchACM Transactions on Computer-Human Interaction10.1145/346984528:6(1-50)Online publication date: 23-Dec-2021
https://dl.acm.org/doi/10.1145/3469845
Marforio CJayaram Masti RSoriente CKostiainen KČapkun SKaye JDruin ALampe CMorris DHourcade J(2016)Evaluation of Personalized Security Indicators as an Anti-Phishing Mechanism for Smartphone ApplicationsProceedings of the 2016 CHI Conference on Human Factors in Computing Systems10.1145/2858036.2858085(540-551)Online publication date: 7-May-2016
https://dl.acm.org/doi/10.1145/2858036.2858085
Jang-Jaccard JNepal S(2014)A survey of emerging threats in cybersecurityJournal of Computer and System Sciences10.1016/j.jcss.2014.02.00580:5(973-993)Online publication date: Aug-2014
https://doi.org/10.1016/j.jcss.2014.02.005
Keengwe JAgamba J(2012)Pre-Service Teachers' Perceptions of Information Assurance and Cyber SecurityInternational Journal of Information and Communication Technology Education10.4018/jicte.20120401088:2(94-101)Online publication date: 1-Apr-2012
https://dl.acm.org/doi/10.4018/jicte.2012040108
Braunstein AGranka LStaddon JCranor L(2011)Indirect content privacy surveysProceedings of the Seventh Symposium on Usable Privacy and Security10.1145/2078827.2078847(1-14)Online publication date: 20-Jul-2011
https://dl.acm.org/doi/10.1145/2078827.2078847
Raja FHawkey KHsu SWang KBeznosov KCranor L(2011)A brick wall, a locked door, and a banditProceedings of the Seventh Symposium on Usable Privacy and Security10.1145/2078827.2078829(1-20)Online publication date: 20-Jul-2011
https://dl.acm.org/doi/10.1145/2078827.2078829
Motiee SHawkey KBeznosov KCranor L(2010)Do windows users follow the principle of least privilege?Proceedings of the Sixth Symposium on Usable Privacy and Security10.1145/1837110.1837112(1-13)Online publication date: 14-Jul-2010
https://dl.acm.org/doi/10.1145/1837110.1837112
Kuo CPerrig AWalker J(2009)Designing user studies for security applications: a case study with wireless network configurationInternational Journal of Security and Networks10.1504/IJSN.2009.0234294:1/2(101-109)Online publication date: 1-Feb-2009
https://dl.acm.org/doi/10.1504/IJSN.2009.023429
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

A method for incorporating usable security into computer security courses

Securing Sensor to Cloud Ecosystem using Internet of Things (IoT) Security Framework

Measuring user satisfaction with information security practices

Comments

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

A method for incorporating usable security into computer security courses

Securing Sensor to Cloud Ecosystem using Internet of Things (IoT) Security Framework

Measuring user satisfaction with information security practices

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Get Access

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations