Principle 15 - Create Psychological Acceptability

Detail

Services should be designed to maximise the effectiveness of required security mechanisms by including them in user experience analysis and optimisation criteria. The objective is to maximise ease of use and transparency while minimising disruption to core business processes.

Security protection mechanisms should be unobtrusive to the end user, so that they are easy to use and readily accepted.

Decision Evaluation Criteria:

  • Do User Experience (UX) designs describe an approach which takes account of, and actively promotes, the principle of psychological acceptability of security mechanisms?
  • Do user dialogue screen designs identify and describe where security mechanisms are incorporated and enforced, demonstrating their simplification, transparent application and ease of use from the end user's perspective?
  • Have you performed iterative UX testing of the security mechanisms with an indicative sample size of end users?

Basis

  • NIST 7 - Identify potential trade-offs between reducing risks, increasing costs and decreasing other operational effectiveness
  • NIST 15 - Strive for operational ease of use
  • CSSLP - Create Psychological Acceptability