{"title":"寻找麻烦:了解终端用户安全管理","authors":"Joshua B. Gross, M. Rosson","doi":"10.1145/1234772.1234786","DOIUrl":null,"url":null,"abstract":"End users are often cast as the weak link in computer security; they fall victim to social engineering and tend to know very little about security technology and policies. This paper challenges this view as derogatory and unconstructive, arguing that users, as agents of organizations, often have sophisticated strategies regarding sensitive data, and are quite cautious. Existing work on user security practice has failed to consider how users view security; this paper provides content on and analysis of end user perspectives on security management. We suggest that properly designed systems would bridge the knowledge gap (where necessary) and mask levels of detail (where possible), allowing users to manage their security needs in synchrony with the needs of the organization. The evidence for our arguments comes from a set of in-depth interviews with users with no special training on, knowledge of, or interest in computer security. We conclude with guidelines for security and privacy tools that better leverage existing users knowledge.","PeriodicalId":157379,"journal":{"name":"Computer Human Interaction for Management of Information Technology","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-03-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"83","resultStr":"{\"title\":\"Looking for trouble: understanding end-user security management\",\"authors\":\"Joshua B. Gross, M. Rosson\",\"doi\":\"10.1145/1234772.1234786\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"End users are often cast as the weak link in computer security; they fall victim to social engineering and tend to know very little about security technology and policies. This paper challenges this view as derogatory and unconstructive, arguing that users, as agents of organizations, often have sophisticated strategies regarding sensitive data, and are quite cautious. Existing work on user security practice has failed to consider how users view security; this paper provides content on and analysis of end user perspectives on security management. We suggest that properly designed systems would bridge the knowledge gap (where necessary) and mask levels of detail (where possible), allowing users to manage their security needs in synchrony with the needs of the organization. The evidence for our arguments comes from a set of in-depth interviews with users with no special training on, knowledge of, or interest in computer security. We conclude with guidelines for security and privacy tools that better leverage existing users knowledge.\",\"PeriodicalId\":157379,\"journal\":{\"name\":\"Computer Human Interaction for Management of Information Technology\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-03-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"83\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Human Interaction for Management of Information Technology\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1234772.1234786\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Human Interaction for Management of Information Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1234772.1234786","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Looking for trouble: understanding end-user security management
End users are often cast as the weak link in computer security; they fall victim to social engineering and tend to know very little about security technology and policies. This paper challenges this view as derogatory and unconstructive, arguing that users, as agents of organizations, often have sophisticated strategies regarding sensitive data, and are quite cautious. Existing work on user security practice has failed to consider how users view security; this paper provides content on and analysis of end user perspectives on security management. We suggest that properly designed systems would bridge the knowledge gap (where necessary) and mask levels of detail (where possible), allowing users to manage their security needs in synchrony with the needs of the organization. The evidence for our arguments comes from a set of in-depth interviews with users with no special training on, knowledge of, or interest in computer security. We conclude with guidelines for security and privacy tools that better leverage existing users knowledge.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
