Options
2019
Conference Paper
Titel
Security Managers Are Not The Enemy Either
Abstract
Security managers are leading employees whose decisions shape security measures and thus influence the everyday work of all users in their organizations. To understand how security managers handle user requirements and behavior, we conducted semi-structured interviews with seven security managers from large-scale German companies. Our results indicate that due to the absence of organizational structures that include users into security development processes, security managers unintentionally obtain a negative view on users. Their distrust towards users leads to the creation of technical security measures that cannot be influenced by users in any way. However, as previous research has repeatedly shown, rigid security measures lead to frustration and discouragement of users, and also to creative (but usually insecure) methods of security circumvention. We conclude that in order to break through this vicious cycle, security managers need organizational structures, methods and tools that facilitate systematic feedback from users.