Security usability principles for vulnerability analysis and risk assessment

Abstract

Usability is the weakest link in the security chain of many prominent applications. A set of security usability principles should therefore be considered when designing and engineering IT security solutions. When improving the usability of existing security applications, it is necessary to examine the underlying security technologies used to build them, and consider whether they need to be replaced by totally new security technologies that provide a better basis for good usability. This paper examines a set of security usability principles, proposes how they can be incorporated into the risk management process, and discusses the benefits of applying these principles and process to existing and future security solutions. © 2007 IEEE.