When Convenience Trumps Security: Defining Objectives for Security and Usability of Systems

  • Gurpreet Dhillon
  • Tiago Oliveira
  • Santa Susarapu
  • Mário Caldeira
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 376)


Security and usability of systems continues to be an important topic for managers and academics alike. In this paper we propose two instruments for assessing security and usability of systems. These instruments were developed in two phases. In Phase 1, using the value-focused thinking approach and interviews with 35 experts, we identified 16 clusters of means objectives and 8 clusters of fundamental objectives. In Phase 2, drawing on a sample of 201 users, we administered a survey to purify the two instruments and to ensure their reliability and unidimensionality. This resulted in 15 means objectives, organized into four categories (minimize system interruptions and licensing restrictions, maximize information retrieval, maximize system aesthetics, and maximize data quality), and 12 fundamental objectives, grouped into four categories (maximize standardization and integration, maximize ease of use, maximize system capability, and enhance system-related communication). Collectively, the objectives offer a useful basis for assessing the extent to which security and usability have been achieved in systems.


security values; usability values; value-focused thinking; qualitative methods; instrument development; quantitative methods



Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Gurpreet Dhillon (1)
  • Tiago Oliveira (2)
  • Santa Susarapu (1)
  • Mário Caldeira (3)

  1. School of Business, Virginia Commonwealth University, Richmond, USA
  2. ISEGI, Universidade Nova de Lisboa, Portugal
  3. ISEG, Technical University of Lisbon, Portugal
