Deciding between information security and usability: Developing value based objectives

Deciding between security and usability of systems remains an important topic among managers and academics. One of the fundamental problems is to balance the conflicting requirements of security and usability. We argue that definition of objectives for security and usability allows for deciding about the right balance between security and usability. To this effect we propose two instruments for assessing security and usability of systems, and develop them in three phases. In Phase 1 we identified 16 clusters of means and 8 clusters of fundamental objectives using the value-focused thinking approach and interviews with 35 experts. Based on phase 1, in the second phase we collected a sample of 201 users to purify, and ensure reliability and unidimensionality of the two instruments. In the third phase, based on a sample of 418 users we confirmed and validated the two instruments found in Phase 2. This resulted in 14 means objectives organized into four categories (minimize system interruptions and licensing restrictions, maximize information retrieval, maximize system aesthetics, and maximize data quality), and 10 fundamental objectives grouped into four categories (maximize standardization and integration, maximize ease of use, enhance system related communication, and maximize system capability). The objectives offer a useful basis for assessing the extent to which security and usability has been achieved in systems. The objectives also provide a decision basis for balancing security and usability. (C) 2016 Elsevier Ltd. All rights reserved.