Achieving Usable Security and Privacy Through Human-Centered Design
- Users should always play a central role in the development of (software) solutions. The human-centered design (HCD) process in the ISO 9241-210 standard proposes a procedure for systematically involving users. However, due to its abstraction level, the HCD process provides little guidance for how it should be implemented in practice. In this chapter, we propose three concrete practical methods that enable the reader to develop usable security and privacy (USP) solutions using the HCD process. This chapter equips the reader with the procedural knowledge and recommendations to: (1) derive mental models with regard to security and privacy, (2) analyze USP needs and privacy-related requirements, and (3) collect user characteristics on privacy and structure them by user group profiles and into privacy personas. Together, these approaches help to design measures for a user-friendly implementation of security and privacy measures based on a firm understanding of the key stakeholders.
Document Type: | Part of a Book |
---|---|
Language: | English |
Author: | Eduard C. Groen, Denis Feth, Svenja Polst, Jan Tolsdorf, Stephan Wiefling, Luigi Lo Iacono, Hartmut Schmitt |
Parent Title (English): | Gerber, Stöver et al. (Eds.): Human Factors in Privacy Research |
Number of pages: | 31 |
First Page: | 83 |
Last Page: | 113 |
ISBN: | 978-3-031-28642-1 |
URN: | urn:nbn:de:hbz:1044-opus-82534 |
DOI: | https://doi.org/10.1007/978-3-031-28643-8_5 |
Publisher: | Springer |
Place of publication: | Cham |
Publishing Institution: | Hochschule Bonn-Rhein-Sieg |
Date of first publication: | 2023/03/10 |
Copyright: | © 2023 The Author(s). This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License. |
Funding: | This work is funded by the German Federal Ministry of Education and Research (BMBF) (grant numbers 16KIS1506K, 16KIS1507, and 16KIS1508). |
Keyword: | Human-Centered Design; Requirements Engineering; Usable Security and Privacy; User experience design; User-centered privacy engineering |
Departments, institutes and facilities: | Fachbereich Informatik |
Institut für Cyber Security & Privacy (ICSP) | |
Projects: | KMU-innovativ - KMUi-Verbundprojekt: Adaptive Datenschutz-Cockpits in digitalen Ökosystemen - Daccord -; Teilvorhaben: Evaluierte Werkzeuge zur effektiven, effizienten und zufriedenstellenden Ausübung der Datenschutzrechte ... (DE/BMBF/16KIS1508) |
Dewey Decimal Classification (DDC): | 0 Informatik, Informationswissenschaft, allgemeine Werke / 00 Informatik, Wissen, Systeme / 006 Spezielle Computerverfahren |
Entry in this database: | 2024/04/10 |
Licence (German): | Creative Commons - CC BY - Namensnennung 4.0 International |