Towards a framework to promote the development of secure and usable online information security applications

Authors

Mujinga, Mathias

Issue Date

2018-01

Type

Thesis

Language

en

Keywords

Information security, Usable security, Socio-technical, Online banking, STInfoSec, Design principles, User behaviour, South Africa, Heuristic evaluation, Mixed methods research

Abstract

The proliferation of the internet and associated online activities exposes users to numerous information security (InfoSec) threats. Such online activities attract a variety of online users who include novice computer users with no basic InfoSec awareness knowledge. Information systems that collect and use sensitive and confidential personal information of users need to provide reliable protection mechanisms to safeguard this information. Given the constant user involvement in these systems and the notion of users being the weakest link in the InfoSec chain, technical solutions alone are insufficient. The usability of online InfoSec systems can play an integral role in making sure that users use the applications effectively, thereby improving the overall security of the applications. The development of online InfoSec systems calls for addressing the InfoSec problem as a social problem, and such development must seek to find a balance between technical and social aspects. The research addressed the problem of usable security in online InfoSec applications by using an approach that enabled the consideration of both InfoSec and usability in viewing the system as a socio-technical system with technical and social sub-systems. Therefore, the research proposed a socio-technical framework that promotes the development of usable security for online information systems using online banking as a case study. Using a convergent mixed methods research (MMR) design, the research collected data from online banking users through a survey and obtained the views of online banking developers through unstructured interviews. The findings from the two research methods contributed to the selection of 12 usable security design principles proposed in the sociotechnical information security (STInfoSec) framework. The research contributed to online InfoSec systems theory by developing a validated STInfoSec framework that went through an evaluation process by seven field experts. 
Although intended for online banking, the framework can be applied to other similar online InfoSec applications, with minimum adaptation. The STInfoSec framework provides checklist items that allow for easy application during the development process. The checklist items can also be used to evaluate existing online banking websites to identify possible usable security problems.

Citation

Mujinga, Mathias (2018) Towards a framework to promote the development of secure and usable online information security applications, University of South Africa, Pretoria, <http://hdl.handle.net/10500/25087>
