Human-centric Security Engineering: Towards a Research Agenda

Open Access
Article
Conference Proceedings
Authors: Rick van der Kleij, Dianne Van Hemert, Bert Jan Te Paske, Thomas Rooijakkers

Abstract: While the importance of designing for user experience has long been acknowledged, there has been relatively little exploration of the actual processes involved in constructing usable and cybersecure systems. In many conventional projects, cybersecurity and usability are not considered primary goals, making them likely candidates for sacrifice in the rush to meet project deadlines. Unfortunately, designing systems with both cybersecurity and usability in mind is easier said than done and typically requires a change towards an organizational culture more conducive to human-centric design. This position paper advocates for expanded research to explore the connection between culture and engineering practices, highlighting their impact on advancing a cybersecure society. We explore ways in which the behavior of software development team members towards designing software and products that are both usable and cybersecure can be influenced through organizational culture. We conclude that initiating change within culture requires additional knowledge that future research must seek to provide. Three of these areas are discussed in the paper for immediate attention. The practical implication of this paper is that it encourages research in the field and provides some propositions to guide future empirical investigations.

Keywords: Security-by-Design, Human-Computer Interaction and Security (HCISec), Cybersecurity, Software development

DOI: 10.54941/ahfe1005596
