GUARD: Recommendations for the user interface

To create a dashboard and for increasing situational security awareness, the GUARD project partners conducted a comprehensive literature research on behavioural, social and human aspects, and additionally collected preliminary inputs on typical user roles from end users. The outcomes of the literature research and the collection of inputs were used to make recommendations for building the security dashboard user interface.

A dashboard that exposes cybersecurity dangers and vulnerabilities of the corresponding digital service chains at a glance is one of the results of the GUARD project. This task is derived directly from the GUARD objective of developing an open and extensible platform for advanced assurance and protection of trustworthy and reliable business chains that span multiple administrative domains and heterogeneous infrastructures.

Based on a comprehensive literature research on behavioural, social and human aspects and a collection of preliminary inputs from end users, recommendations were made for creating an adequate user interface. The recommendations made by the GUARD partners play a central role in the further development of the project.

How behavioural, social and human aspects affect user interfaces

Computer systems are becoming increasingly important for individuals and businesses to function. It is therefore crucial that technology adapts to human needs in order to obtain the best situational awareness possible. Humans play an important role in this regard, since they can be seen as the weakest link in a security system owing to a lack of oversight, errors, misunderstanding, or ignorance. Within the research analysis, multiple challenges were identified that play an important role when developing the user interface (UI).

  • Humans lack the ability to process big data [1].
  • Raising awareness about security and privacy conflicts with the useability of a UI. Complex security damages useability and vice versa [2] [3].
  • It is not expected that users are able to maintain vigilant, patient and aware of security issues [4].
  • Oftentimes, researchers only focus on the “ideal” user and fail to take into account users affected by limitations [5].

How different user roles affect the user interface

Once a security incident occurs, it must be responded to as quickly as possible. However, the reactions depend on the people involved. As there are different people with different backgrounds working in different roles in an organisation, these circumstances need to be taken into account. To make recommendations, first, we need to understand which user roles are normally involved in a security incident, what kind and depth of information these roles demand or produce at different stages of the incident resolution, how to convey this information, and lastly, which communication medium to employ. To address this issue, the GUARD consortium partners shared their first-hand experiences, requirements, and inputs. These inputs are used to derive recommendations to define the GUARD web interface’s functionality as well as to raise awareness of a number of security issues at various levels of the business organisation. Six different business roles were defined by the partners: technical staff (security related), technical staff (non-security related), IT management, communication, legal staff and related organisations. Each business role has a different impact on the GUARD project. In order to make recommendations and thus develop an inclusive user interface, it is important to consider all aspects of the different business roles.

Deriving recommendations and business roles taking into account behavioural, social and human aspects

The major goal of the steps taken was to gather information on how to design an interface that would allow users to recognise and comprehend notifications as well as take the necessary actions. On the basis of the outcomes of the comprehensive literature research on behavioural, social and human aspects, as well as the collected preliminary inputs from end users on typical user roles, a framework has been created that allows to derive concrete recommendations. In total, four core requirements that can be achieved through these recommendations were identified. These requirements include:

  • Notification of security events
    The Notification of security events includes a set of technical and procedural functions that must raise human awareness while also ensuring receivers a complete picture of the occurrences of security events. The notification’s content and technical depth must be adopted to the target users.
  • Dashboard
    While maintaining an overview of sensitive user-related data and privacy settings and implementing control measures for the transfer of personal data, the GUARD dashboard must display a visual representation of the service graph, as well as key security and monitoring aspects (e.g., threats, workload, statistics on resources used). Several interfaces need to be provided for the dashboard, each maintaining its own layout and relevant material to adapt to the needs of the respective user role.
  • Personalised user dashboard
    The amount and type of information displayed in the dashboard must be customisable by the end user. The data should be presented in text and/or graphic form, the user can choose to use widgets, selecting quantity, size and position. The dashboard needs to be adjustable according to the screen size and resolution of the different output devices (desktop/laptop PCs, mobile phones, tablets, etc.). Furthermore, the end users will be able to define their personal data policy and receive notifications through the dashboard, can identify the person responsible for data management according to the normative framework (e.g., the General Data Protection Regulation), and can allow, deny, remove or delete access to private and sensitive data.
  • Message exchange
    End users must be able to communicate with other individuals or groups via the dashboard using various (real-time and/or non-real-time) techniques such as instant messaging, chats, web-based forms, etc. Messages should be prioritised based on the urgency of the request defined by the sender of the message.

In total, 114 initial recommendations were made, that attempt to predict and explain user behaviour by going beyond conventional usability principles and by integrating human factors. Among these, 16 recommendations can be assigned to the requirement “Notification of security events”, 67 to “Dashboard”, 28 to “Personalised user dashboard” and 3 to “Message exchange”. These recommendations will be provided to the developers as the project progresses and will consequently enable the GUARD framework to bridge the gap between users and the system itself.

[1] Legg P. A. (2016). Enhancing Cyber Situation Awareness for Non-Expert Users using Visual Analytics, In Cyber Situational Awareness, Data Analytics and Assessments (Cyber SA), pp. 1-8, IEEE
[2] Minami M., Suzaki K. & Okumura T. (2011). Security considered harmful. A case study of the trade-off between security and usability, vol. pp. 523-524, Doi: 10.1109/CCNC.2011.5766529
[3] Gordieiev, O., Kharchenko, V. S., & Vereshchak, K. (2017, May). Usable Security Versus Secure Usability: an Assessment of Attributes Interaction. In ICTERI (pp. 727-740).
[4] NTT Com Security Inc. Risk. (2014). Value Research Report. https:/‌/‌‌us/‌landingpages/‌risk-value-research/‌
[5] Kothari, V., Blythe, J., Smith, S., & Koppel, R. (2014, May). Agent-based modelling of user circumvention of security. In Proceedings of the 1st International Workshop on Agents and Cybersecurity (p. 5). ACM.
Cyber security, IT security, information security, digital service chains, data privacy and protection, IoT, data visualisation, data dashboard, threat detection, cyber threat intelligence, system integration, user interface, situational awareness, human limitations, user engagement, design principles, business roles, recommendation, human aspects