Measuring the right people
In my continued research of security user acceptance, I have been motivated by the concept that what “we” know about security acceptance is flawed. I found an article that supports this presumption. In an article published in the ‘Canadian Center of Science and Education’ entitled “An Integrated Expert User with End User in Technology Acceptance Model for Actual Evaluation” by Hussain Mohammed Abu-Dalbouh, et al., we learn some key facts.
The most relevant and significant outcome from this article is support for the idea that evaluating the success of security controls is poorly represented in most studies, because the participants in studies are not familiar enough with the technology to adequately judge the effectiveness. This drives the specific assumption that “expert” users, in my case “cyber practitioners”, are a unique subgroup which should be studied, perhaps even to the extent that no study of general users can be accepted when determining the validity and effectiveness of security controls in securing technology and related enterprise systems.
Quotes:
- “Results from the empirical analysis indicated that end users cannot evaluate all the features that [are] included in the new technology or system and this led to give a fake evaluation results.”
- “…expert users in evaluation acceptance of new technology or system in order to get actual evaluation and the expert users give the actual evaluation about the new technology or system more than the end users. It also reveal the expert users identify a majority or the weakness and problems in the new technology or system, that behind the end users ability to discover it.”
We would do well to review the research and presumptions surrounding claims regarding security control effectiveness and acceptance with a critical eye to the study group. Was the choice to use the group correct given the expertise needed to understand all the layers of detail in the control’s effectiveness, or was it a matter of convenience for the researchers?
References:
Article: Abu-Dalbouh, H. M. (2016). An Integrated Expert User with End User in Technology Acceptance Model for Actual Evaluation. Comput. Inf. Sci., 9(1), 47-53.