Publication Details

Even if users do not read security directives, their behavior is not so catastrophic

MATYÁŠ, V.; MALINKA, K.; KRAUS, L.; KNAPOVÁ, L.; KRUŽÍKOVÁ, A. Even if users do not read security directives, their behavior is not so catastrophic. COMMUNICATIONS OF THE ACM, 2022, vol. 65, no. 1, p. 37-40. ISSN: 0001-0782.
Type
journal article
Language
English
Authors
Matyáš Václav, Dr. (CM-SFE)
Malinka Kamil, Mgr., Ph.D. (DITS)
Kraus Lydia, Dr.-Ing.
Knapová Lenka, Mgr.
Kružíková Agáta, RNDr.
URL
Keywords

security policy, usable security, user behaviour

Abstract

We discuss an effort undertaken at Masaryk University (MU) a Czech university
with some 30.000 students where we tried to improve our security directive to
motivate users to follow it. From the research perspective, we also wanted to
find out more about the current state of affairs from the user perspective: Do
users (still not) follow the security policy? At the same time, the fact that our
university IT infrastructure management had the intention to redesign the
(outdated) security directive, constituted an ideal opportunity for us to deeper
investigate the topic. And our initial faith has been hit hard as we describe in
some detail in this viewpoint, but it wasnt a wasted effort at all. The data we
obtained as a side effect shows a new perspective on this area.

Published
2022
Pages
37–40
Journal
COMMUNICATIONS OF THE ACM, vol. 65, no. 1, ISSN 0001-0782
Book
Communications of the ACM
Place
New York
DOI
10.1145/3471928
EID Scopus
2-s2.0-85122153281
BibTeX 
@article{BUT180168,
  author="Václav {Matyáš} and Kamil {Malinka} and Lydia {Kraus} and Lenka {Knapová} and Agáta {Kružíková}",
  title="Even if users do not read security directives, their behavior is not so catastrophic",
  journal="COMMUNICATIONS OF THE ACM",
  year="2022",
  volume="65",
  number="1",
  pages="37--40",
  doi="10.1145/3471928",
  issn="0001-0782",
  url="https://cacm.acm.org/magazines/2022/1/257441"
}
Back to top