1. »
  2. Human-Centred Security
  3. »
  4. Lehre
  5. »
  6. Abschlussarbeiten
  7. »
  8. Mas­ter The­sis – IT Se­cu­ri­ty and Pro­duc­tivi­ty: What the Ex­perts think

Mas­ter The­sis – IT Se­cu­ri­ty and Pro­duc­tivi­ty: What the Ex­perts think

ALL­GE­MEIN

Be­treu­er: Jonas Hiel­scher, Mar­ti­na An­ge­la Sasse
Be­ginn: As soon as pos­si­ble
Wei­te­re De­tails: [Call for The­sis]

BE­SCHREI­BUNG

IT se­cu­ri­ty me­a­su­res and rules in or­ga­niza­t­i­ons are often in con­flict with the pri­ma­ry tasks of em­ployees and hence can have a ne­ga­ti­ve im­pact on the em­ployees wor­king pro­duc­tivi­ty. A ty­pi­cal ex­amp­le would be that one needs to enter a pass­word to de­crypt the com­pu­ters disk fol­lo­wed by ano­ther pass­word to login, than a third pass­word to con­nect to the VPN and fi­nal­ly a pass­word for the ne­cessa­ry ap­p­li­ca­ti­on. In that case mi­nu­tes are was­ted with an au­then­ti­ca­ti­on pro­ce­du­re be­fo­re the pro­duc­tive task (the work with the ap­p­li­ca­ti­on) starts. Howe­ver, most se­cu­ri­ty ex­perts, even in the usa­ble se­cu­ri­ty do­main, do not con­s­i­der how me­a­su­res and rules fit into the wor­king day of em­ployees.

This mas­ter the­sis shall eva­lua­te the ex­perts opi­ni­ons about the role of Pro­duc­tive Se­cu­ri­ty. A sur­vey with se­cu­ri­ty ex­perts shall be per­for­med fol­lo­wed by a smal­ler num­ber of de­ep-di­ve in­ter­views with some ex­perts. The the­sis shall 1. show whe­ther and how ex­perts think about the im­pact of their me­a­su­res and rules on the pro­duc­tivi­ty of col­le­agues, cust­o­m­ers and em­ployees and 2. what needs to be done to lower the risk that the pro­duc­tivi­ty shrinks. The mas­ter stu­dent is by them­sel­ves re­s­pon­si­ble to recruit a de­cent num­ber of par­ti­ci­pants. Hence it is an ad­van­ta­ge to know IT se­cu­ri­ty pro­fes­sio­nals in one or more or­ga­niza­t­i­ons. A sur­vey only among other IT se­cu­ri­ty stu­dents won’t be en­ough in that case.

The the­sis might writ­ten in English or Ger­man.

You can ex­pect a close su­per­vi­si­on with mul­ti­ple feed­back cir­cles. We are look­ing for­ward to your ap­p­li­ca­ti­on!

Re­fe­ren­ces:

[1] Adam Beau­te­ment, M. An­ge­la Sasse, and Mike Won­ham. 2008. The com­pli­an­ce bud­get: ma­na­ging se­cu­ri­ty be­ha­viour in or­ga­ni­sa­ti­ons. In Pro­cee­dings of the 2008 New Se­cu­ri­ty Pa­ra­digms Work­shop (NSPW ’08). As­so­cia­ti­on for Com­pu­ting Ma­chine­ry, New York, NY, USA, 47–58. DOI: https://​doi.​org/​10.​1145/​1595676.​1595684

[2] Beau­te­ment, Adam & Be­cker, In­golf & Par­kin, Simon & Krol, Kat & Sasse, An­ge­la. (2016). Pro­duc­tive Se­cu­ri­ty: A scalable me­tho­do­lo­gy for ana­ly­sing em­ployee se­cu­ri­ty be­ha­viours.

VOR­AUS­SET­ZUN­GEN

It is ne­cessa­ry that the stu­dent par­ti­ci­pa­ted in at least one lec­tu­re of the chair for Hu­man-Cen­te­red Se­cu­ri­ty.