Abstract
It is widely recognised that end-users can make or break effective security, depending upon the extent to which they adopt and maintain the required protection. Assuming that they can be convinced to use it in the first place, an ongoing risk is that they may later disable or circumvent the controls, or start using them in a less effective manner. One possible cause here will be the potential for security fatigue, in which the overhead or difficulty involved in using the available protection is progressively seen to outweigh the benefit of doing so. This article explains the concept of fatigue in a security context, and examines the extent to which it may be encountered with the different security technologies routinely encountered by end-users. Consideration is then given to the underlying factors that contribute to potential fatigue, the interrelationships that may exist between them, and the further influences that may be drawn from other aspects (such as the way that security is promoted within a given organisation). Having identified the problem, thought is then given to the means by which it can be recognised and potentially mitigated.
Original language | English |
---|---|
Pages (from-to) | 7-11 |
Number of pages | 0 |
Journal | Computer Fraud & Security |
Volume | 2009 |
Issue number | 11 |
Publication status | In preparation - 1 Nov 2009 |