While working around security

Abstract

The title of this paper describes our work at two levels. First of all the paper discusses how users of IT deal with issues of IT security in their everyday life. Secondly, we discuss how the kind of understanding of IT security that comes out of careful analyses of use confronts the ways in which usable IT security is established in the literature. Recent literature has called for better conceptual models as starting point for improving IT security. In contrast to such models we propose to dress up designers by helping them understand better the work that goes into everyday security. The result is a methodological toolbox that helps address and design for usable and useful IT security. We deploy examples of analyses and design, carried out by ourselves and by others to fine-tune our design perspective; in particular we use examples from three current research projects.