Date Added: Nov 2009
Despite a long-standing need to incorporate human factors into security risk analysis, taking a balanced approach to analysing security and usability concerns remain a challenge. Balancing security and usability is difficult due to human biases in security perception, and managing the sheer volume of data arising from risk and task analysis. This paper presents an approach for qualitatively and quantitively analysing and visualising the results of risk and task analysis. The authors demonstrate this approach using a realistic example, and they discuss how these techniques fit within the larger context of secure systems design.