Detail publikace
Even if users do not read security directives, their behavior is not so catastrophic
Malinka Kamil, Mgr., Ph.D. (UITS)
Kraus Lydia, Dr.-Ing.
Knapová Lenka, Mgr.
Kružíková Agáta, RNDr.
security policy, usable security, user behaviour
We discuss an effort undertaken at Masaryk University (MU) a Czech university with some 30.000 students where we tried to improve our security directive to motivate users to follow it. From the research perspective, we also wanted to find out more about the current state of affairs from the user perspective: Do users (still not) follow the security policy? At the same time, the fact that our university IT infrastructure management had the intention to redesign the (outdated) security directive, constituted an ideal opportunity for us to deeper investigate the topic. And our initial faith has been hit hard as we describe in some detail in this viewpoint, but it wasnt a wasted effort at all. The data we obtained as a side effect shows a new perspective on this area.
@article{BUT180168,
author="Václav {Matyáš} and Kamil {Malinka} and Lydia {Kraus} and Lenka {Knapová} and Agáta {Kružíková}",
title="Even if users do not read security directives, their behavior is not so catastrophic",
journal="COMMUNICATIONS OF THE ACM",
year="2022",
volume="65",
number="1",
pages="37--40",
doi="10.1145/3471928",
issn="0001-0782",
url="https://cacm.acm.org/magazines/2022/1/257441"
}