ABSTRACT
The aim of this paper is to establish the foundations for developing a mental model that bridges the gap between usability and security in user-centred designs. To this end, a meta-model has been developed to align design features with the users’ requirements through tacit knowledge elicitation. The meta-model describes the combinatorial relationships of Security, Usability and Mental (SUM) and how these components can be used to design a usable and secure system. The SUM meta-model led to the conclusion that there is no antagonism between usability and security. However, the degree of usable security depends on the ability of the designer to capture and implement the user’s tacit knowledge. In fact, the SUM meta-model seeks to dilute the trade-off effects between security and usability through the compensating synergism of tacit knowledge. A usability-security cognitive map has been developed for the major constituents of usability and security to clarify their interactions and their influences on the meta-model stipulations. The three intersecting areas of the three components’ relationships are manipulated to expand the Optimal Equilibrium Solution (OES) (δ) expanse. To put the SUM meta-model into practice, knowledge management principles have been proposed for implementing user-centred security and user-centred design. This is accomplished by using collaborative brainpower from various knowledge constellations to design a system within the user’s current and future perception boundaries. Therefore, different knowledge groups, processes, techniques, tactics and practices have been proposed for knowledge transfer and transformation during the mental model development.
Acknowledgements
The authors would like to thank Dr Arthur Murray, CEO of Applied Knowledge Sciences Inc., for his heedful review of the manuscript many times and his enlightening comments on the role of Knowledge Management in usable security. We also express our sincere gratitude to Dr Roger Seeholzer and Mr Eric Barlow of the US Department of Homeland Security in Washington, DC, for their meticulous editing, proofreading and constructive comments on security issues.
Disclosure statement
No potential conflict of interest was reported by the authors.