Usable Security is both an academic field and an industrial practice of designing interactive systems that are usable, increase awareness of information security, and provide secure interaction experiences.
Unlike other applications in organizational information security, MUSES not only enforces information security policies but also tries to engage and deeply involve employees in information security. Furthermore, it should provide a great user experience and should be fun to use! Usable security is an essential part of the MUSES project.
How can we help employees comply with information security policies?
AIT – The Austrian Institute of Technology (Unit “Technology Experience”) applies a leading-edge approach to do so: the use of so-called persuasive strategies. Persuasive strategies are strategies to change attitudes and behavior in a desirable direction.
In the field of organizational information security, employees should develop positive attitudes and behavior towards information security policies. Moreover, they should develop an increased awareness of information security in general.
Examples of persuasive strategies in information security are rewards (e.g. providing security points or badges to users who engage with security settings), self-monitoring (e.g. providing statistics on the users’ past behaviour regarding security) or social comparisons (e.g. comparing single users to average users regarding security behaviour). In several user studies, AIT has successfully shown the effectiveness of the persuasive security approach, which will be integrated in the MUSES application. Long-term trials will then show the effectiveness of this approach.