Usabilidade nas soluções de e-mail seguro - o modelo mental de segurança do usuário
Ferreira, Lucas Cesar
MetadataShow full item record
The adoption of Information and Communication Technology (ICT) in personal, social and corporate environments is increasingly evident. This fact brings complexity, interdisciplinarity, and diversity into the information security field intensified by decentralization and ubiquity of the actual era. As this phenomenon becomes more common, concerns regarding security, secrecy, privacy, and information governance increase. Consequently, tools to improve the safety in systems gain more evidence and new conceptions have emerged. However, studies and recent events have demonstrated how difficult is to use and adopt these safer solutions. Although these solutions improve the information security, there is evidence of the need for more effective security and privacy models on the Web to make these tools widely adopted by users in general. Therefore, the users need be aware of the approaches used by these security and privacy solutions in order to facilitate their adoption, without disregarding the contexts of use. In this context, this study aims at understanding the users' mental models of information security (e.g., secure e-mail solutions) to investigate if the design focused on such models can support the use and adoption of security tools. For that, a review of the main tools found in the literature was performed to identify the main characteristics and design approaches of these tools. Furthermore, to explore if such approaches are in compliance with Usable Safety guidelines and challenges defined in the literature. Then, an empirical evaluation was carried out using the Xmail prototype (developed at the LIA-UFSCar) and the Pwm tool to extract qualitative evidence from the users' perception and validate the proximity of their mental models to the task model proposed by the tools. As a result, this study contributes with a review and an evaluation model of secure tools that can be extended beyond keeping e-mail safe. In addition, from the analysis of the results, it was found that integrating the understanding of the users' mental security model into the process of designing safe and usable e-mail tools can significantly improve the usability of such tools.