Looking for trouble: Understanding end-user security management

Joshua B. Gross, Mary Beth Rosson

Research output: Chapter in Book/Report/Conference proceedingConference contribution

35 Scopus citations

Abstract

End users are often cast as the weak link in computer security; they fall victim to social engineering and tend to know very little about security technology and policies. This paper challenges this view as derogatory and unconstructive, arguing that users, as agents of organizations, often have sophisticated strategies regarding sensitive data, and are quite cautious. Existing work on user security practice has failed to consider how users view security; this paper provides content on and analysis of end user perspectives on security management. We suggest that properly designed systems would bridge the knowledge gap (where necessary) and mask levels of detail (where possible), allowing users to manage their security needs in synchrony with the needs of the organization. The evidence for our arguments comes from a set of in-depth interviews with users with no special training on, knowledge of, or interest in computer security. We conclude with guidelines for security and privacy tools that better leverage existing users knowledge.

Original languageEnglish (US)
Title of host publicationProceedings of the 2007 Symposium on Computer Human Interaction for the Management of Information Technology, CHIMIT '07
DOIs
StatePublished - 2007
Event2007 Symposium on Computer Human Interaction for the Management of Information Technology, CHIMIT '07 - Cambridge, MA, United States
Duration: Mar 30 2007Mar 31 2007

Other

Other2007 Symposium on Computer Human Interaction for the Management of Information Technology, CHIMIT '07
CountryUnited States
CityCambridge, MA
Period3/30/073/31/07

All Science Journal Classification (ASJC) codes

  • Human-Computer Interaction
  • Information Systems

Fingerprint Dive into the research topics of 'Looking for trouble: Understanding end-user security management'. Together they form a unique fingerprint.

Cite this