A structured approach to the design of viable security systems

This paper argues that the widely lamented failure of many security solutions in the market is due to an overly technology- and complexity-driven design approach. We argue it is the responsibility of the systems designers to make sure that their designs lead to an increased security when implemented in practice, including both adoption and usability aspects. We build on earlier approaches and findings from IT security and related disciplines, but integrate them in a larger paradigmatic framework targeting specifically the security domain. To achieve a viable security solution, designers have to make sure that their solution provides an effective security improvement and is compliant with market demands. We present several methods that can be applied to assess market compliance already in early stages of design process.