Aligning Security Practice with Policy: Guiding and Nudging towards Better Behavior

dc.contributor.author Furnell, Steven
dc.contributor.author Alotaibi, Faisal
dc.contributor.author Esmael, Rawan
dc.date.accessioned 2019-01-03T00:40:10Z
dc.date.available 2019-01-03T00:40:10Z
dc.date.issued 2019-01-08
dc.description.abstract Despite an abundance of policies being directed towards them, users often struggle to follow good cybersecurity practice. Recognizing that such behaviors do not come naturally, a logical approach is to ensure that users are guided and supported in knowing what to do and how to do it. Unfortunately, such support is often lacking. The paper uses the example of password authentication as a specific context in which cybersecurity behavior is frequently criticized, but where users are often left to manage without sufficient support (as evidenced by examining the lack of related guidance and enforcement of good practice on leading websites). The discussion then proceeds to look at the effect of actively supporting the user, drawing upon the results from two experimental studies (one looking at the practical impact of guidance and feedback upon users’ password choices, and the other examining the effect of gamifying the password selection experience). The results collectively show that such efforts can have tangible positive effects upon user behaviors. While the specific findings are focused upon passwords, similar principles could also be applied to other aspects of user-facing security.
dc.format.extent 10 pages
dc.identifier.doi 10.24251/HICSS.2019.676
dc.identifier.isbn 978-0-9981331-2-6
dc.identifier.uri http://hdl.handle.net/10125/59998
dc.language.iso eng
dc.relation.ispartof Proceedings of the 52nd Hawaii International Conference on System Sciences
dc.rights Attribution-NonCommercial-NoDerivatives 4.0 International
dc.rights.uri https://creativecommons.org/licenses/by-nc-nd/4.0/
dc.subject Knowledge Management and Information Security
dc.subject Knowledge Innovation and Entrepreneurial Systems
dc.subject Awareness, Gamification Nudges, Passwords, Usability
dc.title Aligning Security Practice with Policy: Guiding and Nudging towards Better Behavior
dc.type Conference Paper
dc.type.dcmi Text
Files
Original bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
0558.pdf
Size:
778.22 KB
Format:
Adobe Portable Document Format
Description: