Skip to main content

Computer security impaired by legitimate users

Besnard, Denis, Arief, Budi (2004) Computer security impaired by legitimate users. Computers and Security, 23 (3). pp. 253-264. ISSN 0167-4048. (doi:10.1016/j.cose.2003.09.002) (KAR id:58698)


Computer security has traditionally been assessed from a technical point of view. Another way to assess it is by investigating the role played by legitimate users of systems in impairing the level of protection. In order to address this issue, we wish to adopt a multidisciplinary standpoint and investigate some of the human aspects involved in computer security. From research in psychology, it is known that people make biased decisions. They sometimes overlook rules in order to gain maximum benefits for the cost of a given action. This situation leads to insidious security lapses whereby the level of protection is traded-off against usability. In this paper, we highlight the cognitive processes underlying such security impairments. At the end of the paper, we propose a short usability-centred set of recommendations.

Item Type: Article
DOI/Identification number: 10.1016/j.cose.2003.09.002
Uncontrolled keywords: Cognitive psychology, Computer security, Cost-benefit trade-offs, Risk, Work practices, Behavioral research, Cost benefit analysis, Electronic commerce, Information technology, Monitoring, Online systems, Professional aspects, Risks, User interfaces, Cognitive psychology, Cost benefit trade-offs, Work practices, Security of data
Subjects: Q Science
Divisions: Faculties > Sciences > School of Computing
Depositing User: Budi Arief
Date Deposited: 17 Nov 2016 11:36 UTC
Last Modified: 01 Aug 2019 10:41 UTC
Resource URI: (The current URI for this page, for reference purposes)
Arief, Budi:
  • Depositors only (login required):


Downloads per month over past year