Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

On the possible impact of security technology design on policy adherent user behavior

Results from a controlled empirical experiment
: Kurowski, Sebastian; Fähnrich, Nicolas; Roßnagel, Heiko

Volltext urn:nbn:de:0011-n-4974498 (845 KByte PDF)
MD5 Fingerprint: de5fafd675f986719dfe42776e36ff38
(CC) by-sa
Erstellt am: 29.6.2018

Langweg, Hanno (Hrsg.) ; Gesellschaft für Informatik -GI-, Bonn; Gesellschaft für Informatik -GI-, Fachbereich Sicherheit, Schutz und Zuverlässigkeit:
SICHERHEIT 2018. Sicherheit, Schutz und Zuverlässigkeit : Beiträge der 9. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e. V. (GI); 25.-27. April 2018, Konstanz
Bonn: GI, 2018 (GI-Edition - Lecture Notes in Informatics (LNI). Proceedings 281)
ISBN: 978-3-88579-675-6
ISBN: 3-88579-675-9
Gesellschaft für Informatik, Fachbereich Sicherheit (Jahrestagung) <9, 2018, Konstanz>
Konferenzbeitrag, Elektronische Publikation
Fraunhofer IAO ()

This contribution provides results from a controlled experiment on policy compliance in work environments with restrictive security technologies. The experimental setting involved subjects forming groups and required them to solve complex and creative tasks for virtual customers under increasing time pressure, while frustration and work impediment of the used security technology were measured. All subjects were briefed regarding existing security policies in the experiment setting, and the consequences of violating these policies, as well as the consequences for late delivery or failure to meet the quality criteria of the virtual customer. Policy breaches were observed late in the experiment, when time pressure was peaking. Subjects not only indicated maximum frustration, but also a strong and significant correlation (.765, p.01) with work impediment caused by the security technology. This could indicate that user-centred design does not only contribute to the acceptance of a security technology, but may also be able to positively influence practical information security as a whole.