Even if users do not read security directives, their behavior is not so catastrophic

Warning

This publication doesn't include Institute of Computer Science. It includes Faculty of Informatics. Official publication website can be found on muni.cz.
Authors

MATYÁŠ Václav, MALINKA Kamil, KRAUS Lydia, KNAPOVÁ Lenka, KRUŽÍKOVÁ Agáta

Year of publication 2022
Type Article in Periodical
Magazine / Source Communications of the ACM
MU Faculty or unit Faculty of Informatics

Citation
Web https://cacm.acm.org/magazines/2022/1/257441
Doi http://dx.doi.org/10.1145/3471928
Keywords security policy; usable security; user behaviour
Description We discuss an effort undertaken at Masaryk University (MU) – a Czech university with some 30.000 students – where we tried to improve our security directive to motivate users to follow it. From the research perspective, we also wanted to find out more about the current state of affairs from the user perspective: Do users (still not) follow the security policy? At the same time, the fact that our university IT infrastructure management intended to redesign the (outdated) security directive constituted an ideal opportunity for us to investigate the topic more deeply. And our initial faith has been hit hard – as we describe in some detail in this viewpoint, but it wasn’t a wasted effort at all. The data we obtained as a side effect shows a new perspective on this area.