Call for Papers
IEEE Security & Privacy
Special Issue: The Security-Usability Tradeoff Myth

Final submissions due: 29 February 2016
Publication date: September/October 2016
Author guidelines: www.computer.org/web/peer-review/magazines

Usability problems are a major cause of many of today’s IT-security incidents. Many security mechanisms are often too complex and time consuming; this induces mistakes and noncompliance, which undermine security. For more than a decade, usable security researchers and practitioners have tried to address this problem by creating more usable security solutions. Retailers, banks, and communications providers know that cumbersome security is bad for business. But research also continues to find user complaints, mistakes, and noncompliance with common security mechanisms that security designers and software developers consider “usable enough.”

This special issue of IEEE Security & Privacy will examine the relationship between security and usability in detail; identify the perceptions, processes, and practices that underlie continual problems; and examines what needs to change to move the field forward.

Articles will explore important questions, such as:

  • Which usable security/privacy problems have not been solved, and why?
  • What lessons have we learned over the past decade of usable security/privacy research? Which usable security/privacy solutions have been particularly effective, and what lessons can be derived from such success stories? Can we identify common causes underlying failures, such as erroneous beliefs or inappropriate criteria, processes, or practices?
  • Which usable security/privacy problems have been ignored, and why?
  • Are there myths and misconceptions about security/privacy in the usability community that need to be dispelled, and vice versa?
  • Can insights from disciplines other than security/privacy and usability (for instance, economics, anthropology, management, or design science) further the development of usable security solutions?

We welcome case studies, experience reports, practices, research results, and standards reports. Our readers are eager to hear about personal and industry experiences, especially if these are based on empirical studies that can provide reliable evidence to users, developers, researchers, and policymakers.

Submission Guidelines

Submissions will be subject to the IEEE Computer Society's peer-review process. Articles should be at most 6,000 words, with a maximum of 15 references, and should be understandable to a broad audience of people interested in security, privacy, and dependability. The writing style should be down to earth, practical, and original. Authors should not assume that the audience will have specialized experience in a particular subfield. All accepted articles will be edited according to the IEEE Computer Society style guide. Submit your papers to Scholar­One at https://mc.manuscriptcentral.com/cs-ieee.

Questions?

Contact the Guest Editors: Angela Sasse (University College London; a.sasse@cs.ucl.ac.uk) and Matthew Smith (University of Bonn; smith@cs.uni-bonn.de)