Workshop participants also grappled with the question of perspective. How might criteria for a usable and secure system differ for people in different roles, including system administrators, security professionals, system owners, end users, security designers, and developers?

Another question raised was whether compliance with usability and security standards might become a condition of connecting to enterprise or public networks. Finally, with respect to the development of standards, it was observed that such efforts would be challenging today given the limited understanding of what constitutes a system that is usable and secure and that appropriately protects personal information. What would be required to develop useful standards? What organizations and institutions are best positioned to develop them?


Central to the topic of usability is a better understanding of users. An approach known as user-centered design addresses the needs, desires, and limitations of users. The related field known as human-centered computing concerns information technology artifacts and their relationship to people. Both approaches are informed by and depend on observation of human behavior. Workshop presentations and discussions approached this topic from several perspectives: user mental models, risk perception and communication, and user incentives. (Incentives, another important topic with respect to understanding users and their motivations, are considered separately below, because they also apply to other actors.)

User Mental Models

“Mental models” describe people’s thought processes and understanding. (A related term used by some speakers was “user metaphors.”) Workshop participants suggested that work to understand and enhance models of security and privacy would be valuable.

A first research topic and logical starting point is to gain a better understanding of the mental models that people apply to security and privacy today. What are the best ways to elicit these current mental models? What do they tell us that could be used to make improvements in today’s systems and in the design of future systems? What specifically do system designers and developers need to know about user mental models to design systems and applications that are usable yet secure?

A second research topic is the development of better models that could be adopted in system design. For example, are there models for security or privacy that have the concreteness and usefulness of the now-familiar desktop and folder scheme? This nearly ubiquitous metaphor
