An Economic View Usable Security

Опубликовано 17 августа 2016, 21:36

The past 10 years have seen a significant body of research aiming to improve the usability of security mechanisms. This activity has produced a wealth of new and/or improved security mechanisms - novel authentication mechanisms in particular. However, very few of these have been adopted in corporate or e-commerce environments - the proliferation of passwords is continuing, even though users despair and security people argue they are not secure. Based on research carried out as part of the Trust Economics project (www.trust-economics.org), we argue that a failure to recognise the full cost of unusable security and resulting non-compliance means key decision-makers are reluctant to consider new solutions. We present a method for modeling the full cost of operating security mechanisms, which includes the impact on individual and organisational productivity.