A framework to evaluate usable security in online social networking
- Authors: Yeratziotis, Alexandros
- Date: 2011
- Subjects: Online social networks -- Security measures , Computer security , Data protection
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: vital:9807 , http://hdl.handle.net/10948/d1012933
- Description: It is commonly held in the literature that users find security and privacy difficult to comprehend. It is also acknowledged that most end-user applications and websites have built-in security and privacy features. Users are expected to interact with these in order to protect their personal information. However, security is generally a secondary goal for users. Considering the complexity associated with security in combination with the notion that it is not users’ primary task, it makes sense that users tend to ignore their security responsibilities. As a result, they make poor security-related decisions and, consequently, their personal information is at risk. Usable Security is the field that investigates these types of issue, focusing on the design of security and privacy features that are usable. In order to understand and appreciate the complexities that exist in the field of Usable Security, the research fields of Human-Computer Interaction and Information Security should be examined. Accordingly, the Information Security field is concerned with all aspects pertaining to the security and privacy of information, while the field of Human-Computer Interaction is concerned with the design, evaluation and implementation of interactive computing systems for human use. This research delivers a framework to evaluate Usable Security in online social networks. In this study, online social networks that are particular to the health domain were used as a case study and contributed to the development of a framework consisting of three components: a process, a validation tool and a Usable Security heuristic evaluation. There is no existing qualitative process that describes how one would develop and validate a heuristic evaluation. In this regard a heuristic evaluation is a usability inspection method that is used to evaluate the design of an interface for any usability violations in the field of Human-Computer Interaction. Therefore, firstly, a new process and a validation tool were required to be developed. Once this had been achieved, the process could then be followed to develop a new heuristic evaluation that is specific to Usable Security. In order to assess the validity of a new heuristic evaluation a validation tool is used. The development of tools that can improve the design of security and privacy features on end-user applications and websites in terms of their usability is critical, as this will ensure that the intended users experience them as usable and can utilise them effectively. The framework for evaluating Usable Security contributes to this objective in the context of online social networks.
- Full Text:
- Date Issued: 2011
- Authors: Yeratziotis, Alexandros
- Date: 2011
- Subjects: Online social networks -- Security measures , Computer security , Data protection
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: vital:9807 , http://hdl.handle.net/10948/d1012933
- Description: It is commonly held in the literature that users find security and privacy difficult to comprehend. It is also acknowledged that most end-user applications and websites have built-in security and privacy features. Users are expected to interact with these in order to protect their personal information. However, security is generally a secondary goal for users. Considering the complexity associated with security in combination with the notion that it is not users’ primary task, it makes sense that users tend to ignore their security responsibilities. As a result, they make poor security-related decisions and, consequently, their personal information is at risk. Usable Security is the field that investigates these types of issue, focusing on the design of security and privacy features that are usable. In order to understand and appreciate the complexities that exist in the field of Usable Security, the research fields of Human-Computer Interaction and Information Security should be examined. Accordingly, the Information Security field is concerned with all aspects pertaining to the security and privacy of information, while the field of Human-Computer Interaction is concerned with the design, evaluation and implementation of interactive computing systems for human use. This research delivers a framework to evaluate Usable Security in online social networks. In this study, online social networks that are particular to the health domain were used as a case study and contributed to the development of a framework consisting of three components: a process, a validation tool and a Usable Security heuristic evaluation. There is no existing qualitative process that describes how one would develop and validate a heuristic evaluation. In this regard a heuristic evaluation is a usability inspection method that is used to evaluate the design of an interface for any usability violations in the field of Human-Computer Interaction. Therefore, firstly, a new process and a validation tool were required to be developed. Once this had been achieved, the process could then be followed to develop a new heuristic evaluation that is specific to Usable Security. In order to assess the validity of a new heuristic evaluation a validation tool is used. The development of tools that can improve the design of security and privacy features on end-user applications and websites in terms of their usability is critical, as this will ensure that the intended users experience them as usable and can utilise them effectively. The framework for evaluating Usable Security contributes to this objective in the context of online social networks.
- Full Text:
- Date Issued: 2011
A model for cultivating resistance to social engineering attacks
- Authors: Jansson, Kenny
- Date: 2011
- Subjects: Computer security , Data protection , Human-computer interaction
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9744 , http://hdl.handle.net/10948/1588 , Computer security , Data protection , Human-computer interaction
- Description: The human being is commonly considered as being the weakest link in information security. Subsequently, as information is one of the most critical assets in an organization today, it is essential that the human element is considered in deployments of information security countermeasures. However, the human element is often neglected in this regard. Consequently, many criminals are now targeting the user directly to obtain sensitive information instead of spending days or even months trying to hack through systems. Some criminals are targeting users by utilizing various social engineering techniques to deceive the user into disclosing information. For this reason, the users of the Internet and ICT-related technologies are nowadays very vulnerable to various social engineering attacks. As a contribution to increase users’ social engineering awareness, a model – called SERUM – was devised. SERUM aims to cultivate social engineering resistance within a community through exposing the users of the community to ‘fake’ social engineering attacks. The users that react incorrectly to these attacks are instantly notified and requested to participate in an online social engineering awareness program. Thus, users are educated on-demand. The model was implemented as a software system and was utilized to conduct a phishing exercise on all the students of the Nelson Mandela Metropolitan University. The aim of the phishing exercise was to determine whether SERUM is effective in cultivating social engineering resistant behaviour within a community. This phishing exercise proved to be successful and positive results emanated. This indicated that a model like SERUM can indeed be used to educate users regarding phishing attacks.
- Full Text:
- Date Issued: 2011
- Authors: Jansson, Kenny
- Date: 2011
- Subjects: Computer security , Data protection , Human-computer interaction
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9744 , http://hdl.handle.net/10948/1588 , Computer security , Data protection , Human-computer interaction
- Description: The human being is commonly considered as being the weakest link in information security. Subsequently, as information is one of the most critical assets in an organization today, it is essential that the human element is considered in deployments of information security countermeasures. However, the human element is often neglected in this regard. Consequently, many criminals are now targeting the user directly to obtain sensitive information instead of spending days or even months trying to hack through systems. Some criminals are targeting users by utilizing various social engineering techniques to deceive the user into disclosing information. For this reason, the users of the Internet and ICT-related technologies are nowadays very vulnerable to various social engineering attacks. As a contribution to increase users’ social engineering awareness, a model – called SERUM – was devised. SERUM aims to cultivate social engineering resistance within a community through exposing the users of the community to ‘fake’ social engineering attacks. The users that react incorrectly to these attacks are instantly notified and requested to participate in an online social engineering awareness program. Thus, users are educated on-demand. The model was implemented as a software system and was utilized to conduct a phishing exercise on all the students of the Nelson Mandela Metropolitan University. The aim of the phishing exercise was to determine whether SERUM is effective in cultivating social engineering resistant behaviour within a community. This phishing exercise proved to be successful and positive results emanated. This indicated that a model like SERUM can indeed be used to educate users regarding phishing attacks.
- Full Text:
- Date Issued: 2011
- «
- ‹
- 1
- ›
- »