Even if users do not read security directives, their behavior is not so catastrophic
Authors | |
---|---|
Year of publication | 2022 |
Type | Article in Periodical |
Magazine / Source | Communications of the ACM |
MU Faculty or unit | |
Citation | |
Web | https://cacm.acm.org/magazines/2022/1/257441 |
Doi | http://dx.doi.org/10.1145/3471928 |
Keywords | security policy; usable security; user behaviour |
Description | We discuss an effort undertaken at Masaryk University (MU) – a Czech university with some 30.000 students – where we tried to improve our security directive to motivate users to follow it. From the research perspective, we also wanted to find out more about the current state of affairs from the user perspective: Do users (still not) follow the security policy? At the same time, the fact that our university IT infrastructure management had the intention to redesign the (outdated) security directive, constituted an ideal opportunity for us to deeper investigate the topic. And our initial faith has been hit hard – as we describe in some detail in this viewpoint, but it wasn’t a wasted effort at all. The data we obtained as a side effect shows a new perspective on this area. |
Related projects: |