Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-Science

International Journal of Human Computer Studies

Volumn 67, Issue 4, 2009, Pages 281-296

  Flechais, Ivan ^a   Sasse, M Angela ^b  

^a UNIVERSITY OF OXFORD   (United Kingdom)

^b UNIVERSITY COLLEGE LONDON   (United Kingdom)

Author keywords

e Science; Security; Security design; Socio technical design; Usable security

Indexed keywords

MOTIVATION; RISK ASSESSMENT;

E-SCIENCE; SECURITY; SECURITY DESIGN; SOCIO-TECHNICAL DESIGN; USABLE SECURITY;

DESIGN;

EID: 59649086633     PISSN: 10715819     EISSN: 10959300     Source Type: Journal    
DOI: 10.1016/j.ijhcs.2007.10.002     Document Type: Article

References (34)

1. Adams A., and Sasse M.A. Users are not the enemy. Communications of the ACM 42 12 (1999) 40-46
2. Adams, A., Sasse, M., 2001. Privacy in multimedia communications: protecting users, not just data. In: Blandford, A., Vanderdonkt, J., Gray, P. (Eds.), People and Computers XV - Interaction Without Frontiers. Joint Proceedings of HCI2001 and ICM2001, Lille, September 2001, Springer, pp. 49-64.
3. Backhouse J., and Dhillon G. Structures of responsibilities and security of information systems. European Journal of Information Systems 5 1 (1996) 2-9
4. Barki, H., Hartwick, J., 1989. Rethinking the concept of user involvement. In: MIS Quarterly, March, vol. 13 (1). Society for Information Management and The Management Information Systems Research Center, Minneapolis, MN, USA, pp. 53-63.
5. Baskerville, R., 1999. Investigating informations systems with action research. In: Communications of AIS, vol. 2, Article 19. Association for Information Systems, Atlanta, GA, USA, p. 4.
6. Beyer, H., Holtzblatt, K., 1998. Contextual Design: Defining Customer-Centered Systems. Morgan Kaufmann Publishers, Inc.
7. Butler, S., 2000. Security design: Why it's hard to do empirical research. URL 〈http://www-2.cs.cmu.edu/~Vit/paperabstracts/secure.butler.html〉.
8. Butler, T., Fitzgerald, B., 1997. A case study of user participation in the information systems development process. In: ICIS '97: Proceedings of the Eighteenth International Conference on Information Systems. Association for Information Systems, Atlanta, GA, USA, pp. 411-426.
9. CLEF, 2004. Clinical e-science Framework. URL 〈http://www.clinical-escience.org/〉.
10. Darley J., and Latané B. Norms and normative behaviour: field studies of social interdependence. Altruism and Helping Behaviour (1970), Academic Press, New York 83-101
11. Department of Trade and Industry, 2006. Information Security Breaches Survey. URL 〈http://www.pwc.com/uk/eng/ins-sol/publ/pwcdti-fullsurveyresults06.pdf〉.
12. Dhillon G., and Backhouse J. Current directions in is security research: towards socio-organizational perspectives. Information Systems Journal 11 (2001) 127-153
13. EGSO, 2005. European Grid of Solar Observations. URL 〈http://www.egso.org〉.
14. Flechais, I., Sasse, M., Hailes, S. M., 2003. Bringing security home: a process for developing secure and usable systems. In: New Security Paradigms Workshop. ACM Press, New York, USA, pp. 49-57.
15. Flechais I., Mascolo C., and Sasse M. Integrating security and usability into the requirements and design process. International Journal of Electronic Security and Digital Forensics 1 1 (2007) 12-26
16. Gorlenko L. Small world, water coolers, and the challenge of remote collaboration. Interactions vol. 12 (6) (2005), ACM Press, New York, USA 42-44
17. Hitchings J. A practical solution to the complex human issues of information security design. In: Katsikas S.K., and Gritzalis D. (Eds). Information Systems Security: Facing the Information Society of the 21st Century, IFIP Conference Proceedings vol. 54 (1996), Chapman & Hall, Ltd., London 3-12
18. Irestig M., Eriksson H., and Timpka T. The impact of participation in information system design: A comparison of contextual placements. PDC 04: Proceedings of the Eighth Conference on Participatory design (2004), ACM Press, New York, USA 102-111
19. James, H. L., 1996. Managing information systems security: a soft approach. In: Proceedings of the 1996 Information Systems Conference of New Zealand, ISCNZ '96, IEEE Computer Society, October 30-31, 1996, pp. 10-20.
20. Ka-Ping, Y., 2002. User interaction design for secure systems. In: ICICS '02: Proceedings of the 4th International Conference on Information and Communications Security, Springer, London, UK, pp. 278-290. URL 〈http://zesty.ca/sid〉.
21. Martin P., and Turner B. Grounded theory and organizational research. The Journal of Applied Behavioural Science 22 2 (1986) 141-157
22. McDermott, J., Fox, C., 1999. Using abuse cases for security requirements analysis. In: ACSAC '99: Proceedings of the 15th Annual Computer Security Applications Conference, pp. 55-65.
23. Mumford, E., 1983. Designing Human Systems - The Ethics Method. URL 〈http://www.enid.u-net.com/C1book1.htm〉.
24. Mumford, E., Weir, M., 1979. Computer Systems in Work Design - The ETHICS Method. Associated Business Press.
25. Rousseau D. Managing the change to an automated office: lessons from five case studies. Office: Technology & People 4 (1989) 31-52
26. Saltzer J., and Schroeder M. The protection of information in computer systems. Proceeding of the IEEE 63 9 (1975) 1278-1308
27. Sasse, M., Flechais, I., 2005. Usable security: What is it? how do we get it? In: Cranor, L. F., Garfinkel, S. (Eds.), Security and Usability: Designing Secure Systems that People can Use. O'Reilly Books, pp. 13-30.
28. Siponen, M. T., 2001. An analysis of the recent is security development approaches: Descriptive and prescriptive implications. In: Information Security Management: Global Challenges in the New Millennium, Idea Group Publishing, pp. 101-123.
29. Siponen, M., Baskerville, R., 2001. A new paradigm for adding security into IS development methods. In: Proceedings of the IFIP TC11 WG11.1/WG11.2 Eighth Annual Working Conference on Advances in Information Security Management & Small Systems Security, Kluwer, B.V., Deventer, The Netherlands, pp. 99-112.
30. Straub D.W., and Welke R.J. Coping with systems risk: Security planning models for managerial decision-making. MIS Quarterly 22 4 (1998) 441-469
31. Tait P., and Vessey I. The effect of user involvement on system success: A contingency approach. MIS Quarterly 12 1 (1988) 91-107
32. Whitten, A., Tygar, J., 1999. Why johnny can't encrypt: a usability evaluation of PGP 5.0. In: Proceedings of the 8th USENIX Security Symposium, Washington, DC, August 23-36, 1999, pp. 169-184.
33. Wong, E. Y., 1994. A study of user participation in information systems development. URL 〈www.is.cityu.edu.hk/Research/WorkingPapers/paper/9405.pdf〉.
34. Zurko M.E., and Simon R.T. User-centered security. NSPW 1996: Proceedings of the 1996 Workshop on New Security Paradigms (1996), ACM Press, New York, USA 27-33