Publication detail

Even if users do not read security directives, their behavior is not so catastrophic

MATYÁŠ, V. MALINKA, K. KRAUS, L. KNAPOVÁ, L. KRUŽÍKOVÁ, A.

Original Title

Even if users do not read security directives, their behavior is not so catastrophic

Type

journal article in Scopus

Language

English

Original Abstract

We discuss an effort undertaken at Masaryk University (MU) a Czech university with some 30.000 students where we tried to improve our security directive to motivate users to follow it. From the research perspective, we also wanted to find out more about the current state of affairs from the user perspective: Do users (still not) follow the security policy? At the same time, the fact that our university IT infrastructure management had the intention to redesign the (outdated) security directive, constituted an ideal opportunity for us to deeper investigate the topic. And our initial faith has been hit hard as we describe in some detail in this viewpoint, but it wasnt a wasted effort at all. The data we obtained as a side effect shows a new perspective on this area.

Keywords

security policy, usable security, user behaviour

Authors

MATYÁŠ, V.; MALINKA, K.; KRAUS, L.; KNAPOVÁ, L.; KRUŽÍKOVÁ, A.

Released

15. 1. 2022

Location

New York

ISBN

0001-0782

Periodical

COMMUNICATIONS OF THE ACM

Year of study

65

Number

1

State

United States of America

Pages from

37

Pages to

40

Pages count

4

URL

BibTex

@article{BUT180168,
  author="Václav {Matyáš} and Kamil {Malinka} and Lydia {Kraus} and Lenka {Knapová} and Agáta {Kružíková}",
  title="Even if users do not read security directives, their behavior is not so catastrophic",
  journal="COMMUNICATIONS OF THE ACM",
  year="2022",
  volume="65",
  number="1",
  pages="37--40",
  doi="10.1145/3471928",
  issn="0001-0782",
  url="https://cacm.acm.org/magazines/2022/1/257441"
}