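With the development and progress of technology, computers play an important role in human life; as the field of computing expands and multi-functional software systems are developed, interaction between people and computers has become more diverse. In human-computer interaction, the relationship between usability and security has received attention. A few studies hold that usability and security cannot be effectively integrated, but part of the literature finds that human-computer interaction approaches can solve the problem of integrating the two. In research on user security awareness, possible causes of insufficient security awareness include interfaces that do not effectively support user operation, complicated operating procedures, and incomplete system manuals. For users, a software system may offer a sufficiently secure environment yet fail to meet usability guidelines; conversely, a software system that meets usability guidelines cannot guarantee its security. A human-computer interaction model that embodies both usability and security principles has therefore become an important indicator for evaluating user security awareness. This study examines the integration of usability and security in system software and develops a usability testing model and platform that can increase security awareness. The study first reviews the current domestic and international literature in the field of human-computer interaction. Then, based on the results of the literature review and using usability and security design guidelines and specifications, it surveys users with web browser experience, with students of the Department of Information Science and Applications at Asia University as the main subjects, on their level of awareness of security operations in the security menus of the Internet Explorer (IE) browser. On the basis of the survey results, usability guidelines applicable to software security awareness are selected and entered into the developed platform for testing, revising the usability testing and security considerations of software development. The evaluation results can serve as a basis for improving user security awareness and for validating the integration of usability and security.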
The relationship between computers and humans has grown closer due to rapid technological development. The wider application area of computers and the development of multi-functional software systems have diversified human-computer interaction. In HCI research, usability and security are normally discussed independently. However, the integration of these two factors should be considered in software development. In the worst case, one of them is ignored entirely during system development. Several design guidelines have been developed and used to improve system usability. As a result, the security issue is in effect embedded into usability considerations, and users are encouraged to pay more attention to system usability than to security. In other words, security awareness in software development is overlooked, although it is normally alleged that the system is secure enough. To increase security awareness, the evaluation of system security provided by the interface should be recognizable to users during software operation. Several related works argue that the problems of insufficient security awareness include the following: ineffective interfaces for user operations, complicated operating procedures, and obscure documentation. Security concerns usually rank below the major functions required by users. Therefore, security functions are normally arranged under a sub-function or sub-menu in a WIMP interface, which is widely applied in web-based systems and software. This research first uses Microsoft Internet Explorer as a case study in which security guidelines provided by other research are discussed and examined. A framework for improving security awareness based on integrating usability and security evaluation is proposed. The results of this research can provide suggestions for designing HCI interfaces that improve security awareness without sacrificing usability.