Usability and security an appraisal of usability issues in information security methods

Citation
Ee. Schultz et al., Usability and security an appraisal of usability issues in information security methods, COMPUT SEC, 20(7), 2001, pp. 620-634
Citations number
22
Subject Categories
Computer Science & Engineering
Journal title
COMPUTERS & SECURITY
ISSN journal
01674048 → ACNP
Volume
20
Issue
7
Year of publication
2001
Pages
620 - 634
Database
ISI
SICI code
0167-4048(2001)20:7<620:UASAAO>2.0.ZU;2-W
Abstract
In the modern multi-user computer environment, Internet-capable network servers provide connectivity that allows a large portion of the user population to access information at the desktop from sources around the world. Because of the ease with which information can be accessed, computer security breaches may occur unless systems and restricted information stored therein are kept secure. Breaches of security can have serious consequences, including theft of confidential corporate documents, compromise of intellectual property, unauthorized modification of systems and data, denial of service, and others. Considerable research has been conducted on threats to security. Numerous sophisticated security methods have been developed, many of which rely on individuals to implement and use them. However, these methods may not accomplish their intended objectives if they are not used properly. Despite the apparent influence of usability, surprisingly little research has been conducted on the trade-off between usability and the degree of security provided by various information security methods. In the present paper, we review the various information security methods that are used, appraise the usability issues, and develop a taxonomy to organize these issues. The intent is to make a strong case for the need for systematic usability analyses and for the development of usability metrics for information security.