Getting Rid of the Usability/Security Trade-Off: A Behavioral Approach / DI NOCERA, Francesco; Tempestini, Giorgia. - In: JOURNAL OF CYBERSECURITY AND PRIVACY. - ISSN 2624-800X. - 2:2(2022), pp. 245-256. [10.3390/jcp2020013]

Getting Rid of the Usability/Security Trade-Off: A Behavioral Approach

Francesco Di Nocera (first author); Giorgia Tempestini (second author)
2022

Abstract

The usability/security trade-off indicates the inversely proportional relationship that seems to exist between usability and security. The more secure the systems, the less usable they will be. On the contrary, more usable systems will be less secure. So far, attempts to reduce the gap between usability and security have been unsuccessful. In this paper, we offer a theoretical perspective to exploit this tradeoff rather than fight it, as well as a practical approach to the use of contextual improvements in system usability to reward secure behavior. The theoretical perspective, based on the concept of reinforcement, has been successfully applied to several domains, and there is no reason to believe that the cybersecurity domain will represent an exception. Although the purpose of this article is to devise a research agenda, we also provide an example based on a single-case study where we apply the rationale underlying our proposal in a laboratory experiment.
usability; cybersecurity; behavior analysis; token economy; gamification
01 Journal publication::01a Journal article
Files attached to this item

File: Di Nocera_Getting Rid_2022.pdf
Access: open access
Type: Publisher's version (published version with the publisher's layout)
License: Creative Commons
Size: 416.15 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11573/1626535