People ignore design that ignores people

Understanding the impact of security training on the security behaviour of employees within an organisational context

Abstract

Research shows that most security issues arise from human shortcomings rather than technical issues (Abawajy, 2014). Therefore, users of information systems have to become more security aware. The reasonable solution to these human shortcomings was to provide users with policies that tell them what to do, with the technical systems behind them for support. However, within an organisational environment, information technology is increasingly needed for the completion of work activities. This makes it difficult for users to follow policies that require an excessive amount of effort, and it introduces human errors, mainly because employees feel that the amount of effort is unreasonable and does not fit into their daily work activities (Kirlappos, Parkin, & Sasse, 2014). Subsequently, cyber attacks are mostly caused by liabilities created by human error and social engineering (Schneier, 2015). Therefore, it is important for organisations to find a way to manage security effectively, by taking into account the interactions between the social and physical environment. Accordingly, there is a possibility that employees find that complying with security rules and procedures has higher costs than benefits to their company. Finally, it is fundamental to find the aspects where business and security processes clash, in order to improve the security and productivity of the organisation (Beautement, Becker, Parkin, Krol, & Sasse, 2016).