Secure or usable computers? Revealing employees’ perceptions and trade-offs by means of a discrete choice experiment
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
It is often suggested in the literature that employees regard technical security measures (TSMs) as user-unfriendly, indicating a trade-off between security and usability. However, there is little empirical evidence of such a trade-off, nor about the strength of the associated negative correlation and the importance employees attach to both properties. This paper intends to fill these knowledge gaps by studying employees’ trade-offs concerning the usability and security of TSMs within a discrete choice experiment (DCE) framework. In our DCE, employees are asked to indicate the most preferred security packages that describe combinations of TSMs. In addition, security and usability perceptions of the security packages are explicitly measured and modelled. The models estimated from these observed responses indicate how each TSM affects perceived security, perceived usability and preference. The paper further illustrates how the modelling results can be applied to design highly secure packages that are still preferred by employees. The paper also makes a methodological contribution to the literature by introducing discrete choice experiments to the field of information security.