
Keeping businesses and individuals secure and productive online

Computer Science research has shaped UK government guidance on how public bodies, businesses, charities, and home users manage passwords more sustainably, without compromising users' security.

Businessman logging on to a password protected website

28 April 2022

Research published in 2003 by Professor Angela Sasse and Dr Simon Parkin (Computer Science) analysed system logs of login attempts for hundreds of users and showed that users struggle to manage an increasing number of passwords.

The research suggested reconsidering the '3-strikes' policy commonly applied to password login systems as an immediate way of reducing this demand. They found that not having to change a password reduces the mental load on users, and that increasing the number of login attempts to 10 reduces the time taken away from, and the interference caused with, users' production tasks.

Balancing security, productivity and morale

In 2008, Professor Sasse and her team developed the compliance budget concept, which explains how friction between information security and business process reduces both security compliance and personal and organizational productivity. The user's ability to comply (the 'compliance budget') is limited and needs to be managed like any other finite corporate resource.

The compliance budget concept includes ways to improve secure working, including designing less user-costly technologies and improving awareness support. Case studies painted a picture of chronic 'authentication fatigue' resulting from current policies and mechanisms, and the negative impact on staff productivity and morale.

Influencing government and business guidance

This research contributed significantly to the evidence base for two influential pieces of government and business guidance:

  • The 2015 GCHQ/UK National Cyber Security Centre (NCSC) Password Guidance for UK organisations
  • The "Awareness is Only the First Step" business whitepaper

These documents superseded previous inferior guidance and offered both businesses and individuals better ways of staying secure. Following on from this policy impact, this research was picked up by iProov and OutThink, two top UK security and IT firms, whose products were influenced by Sasse's research and which both appointed her their Chief Scientific Advisor.

Putting the users of technology first

Findings from the research informed a review of the '3 strikes' policies by GCHQ/NCSC Password Guidance to UK organisations published in 2015. This led to a change in thinking, putting the users of technology in organisations first, and identifying practical ways to achieve productivity and security at the same time, directly advocating that recommendations from Sasse's research be put into practice.

Outputs from the compliance budget and shadow security papers were used to inform a business whitepaper, "Awareness is Only the First Step", produced with HP Enterprise (with oversight from GCHQ's Communications-Electronic Security Group) and co-authored by Professor Sasse and Dr Parkin. This then provided evidence and heuristics upon which the You Shape Security advice collection, provided by the NCSC, was based. The You Shape Security collection is the main sociotechnical advice collection provided by the NCSC, covering how UK organisations manage security for their members.

Research synopsis

Human-centred security policy

By exploring factors that can influence people's behaviours around information security controls and policies, research led by Professor Sasse has shaped official, nation-wide Government guidance from the UK National Cyber Security Centre (NCSC) on how public bodies, businesses, charities, and home users manage passwords more sustainably, without compromising users' security.

Project team: Professor Angela Sasse, Dr Simon Parkin, Dr Adam Beautement.
