In the modern multi-user computer environment, Internet-capable network servers provide connectivity that allows a large portion of the user population to access information at the desktop from sources around the world. Because of the ease with which information can be accessed, computer security breaches may occur unless systems and restricted information stored therein are kept secure. Breaches of security can have serious consequences, including theft of confidential corporate documents, compromise of intellectual property, unauthorized modification of systems and data, denial of service, and others. Considerable research has been conducted on threats to security. Numerous sophisticated security methods have been developed, many of which rely on individuals to implement and use them. However, these methods may not accomplish their intended objectives if they are not used properly. Despite the apparent influence of usability, surprisingly little research has been conducted on the trade-off between usability and the degree of security provided by various information security methods. In the present paper, we review the various information security methods that are used, appraise the usability issues, and develop a taxonomy to organize these issues. The intent is to make a strong case for the need for systematic usability analyses and for the development of usability metrics for information security.