Usable set‐up of runtime security policies
Information Management & Computer Security
ISSN: 0968-5227
Article publication date: 16 October 2007
Abstract
Purpose
This paper aims to present concrete and verified guidelines for enhancing the usability and security of software that delegates security decisions to lay users and captures these user decisions as a security policy.
Design/methodology/approach
This work is an exploratory study. The authors hypothesised that existing tools for runtime set‐up of security policies are not sufficient. As this proved true, as shown in earlier work, they apply usability engineering with user studies to advance the state‐of‐the‐art.
Findings
Little effort has been spent on how security policies can be set up by the lay users for whom they are intended. This work identifies what users want and need for a successful runtime set‐up of security policies.
Practical implications
Concrete and verified guidelines are provided for designers who are faced with the task of delegating security decisions to lay users.
Originality/value
The devised guidelines focus specifically on the set‐up of runtime security policies and therefore on the design of alert windows.
Keywords
Citation
Herzog, A. and Shahmehri, N. (2007), "Usable set‐up of runtime security policies", Information Management & Computer Security, Vol. 15 No. 5, pp. 394-407. https://doi.org/10.1108/09685220710831134
Publisher
:Emerald Group Publishing Limited
Copyright © 2007, Emerald Group Publishing Limited