Abstract
End users are often cast as the weak link in computer security; they fall victim to social engineering and tend to know very little about security technology and policies. This paper challenges this view as derogatory and unconstructive, arguing that users, as agents of organizations, often have sophisticated strategies regarding sensitive data, and are quite cautious. Existing work on user security practice has failed to consider how users view security; this paper provides content on and analysis of end user perspectives on security management. We suggest that properly designed systems would bridge the knowledge gap (where necessary) and mask levels of detail (where possible), allowing users to manage their security needs in synchrony with the needs of the organization. The evidence for our arguments comes from a set of in-depth interviews with users with no special training on, knowledge of, or interest in computer security. We conclude with guidelines for security and privacy tools that better leverage existing users knowledge.
| Original language | English (US) |
|---|---|
| Title of host publication | Proceedings of the 2007 Symposium on Computer Human Interaction for the Management of Information Technology, CHIMIT '07 |
| DOIs | |
| State | Published - 2007 |
| Event | 2007 Symposium on Computer Human Interaction for the Management of Information Technology, CHIMIT '07 - Cambridge, MA, United States Duration: Mar 30 2007 → Mar 31 2007 |
Other
| Other | 2007 Symposium on Computer Human Interaction for the Management of Information Technology, CHIMIT '07 |
|---|---|
| Country/Territory | United States |
| City | Cambridge, MA |
| Period | 3/30/07 → 3/31/07 |
All Science Journal Classification (ASJC) codes
- Human-Computer Interaction
- Information Systems