Doctoral Dissertations

Orcid ID

https://orcid.org/0009-0008-9004-4619

Date of Award

12-2025

Degree Type

Dissertation

Degree Name

Doctor of Philosophy

Major

Information Sciences

Major Professor

Vandana Singh

Committee Members

Vandana Singh, Devendra Potnis, Laura Miller, Doowon Kim

Abstract

This dissertation develops a National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) v2.0-based Community Profile for the field of Usable Security, with a focus on integrating User Experience (UX) considerations into organizational cybersecurity practices. Organizations continue to face persistent UX challenges with cybersecurity tools & platforms, policies & standards, and role-specific training initiatives, which can undermine the effectiveness of security measures and practitioner adoption.

The study was guided by three (3) main Research Questions:

RQ1: What are the standard elements of a NIST CSF Community Profile?

RQ2: What are the UX challenges faced by Cybersecurity/IT teams in an organization?

RQ3: What are the UX elements that are critical for organizations from a Usable Security standpoint, and how can they be integrated into a NIST CSF Community Profile?

To address these questions, the research employed a mixed-methods design across four (4) phases. Phase I involved developing a generalizable template for NIST CSF Community Profiles (Appendix E) based on available examples. Building on a pilot study (Phase II, Appendix F), Phase III involved a structured online survey of 110 cybersecurity professionals across the US, exploring their experiences with tools & platforms, policies & standards, and training. Phase IV consisted of follow-up interviews with 26 practitioners, which provided deeper insight into recurring cybersecurity UX issues. Thematic analysis of survey and interview data identified key challenges such as complexity, integration gaps, policy readability and update cycles, and training fatigue. Drawing on these findings, this dissertation presents the first NIST CSF v2.0-based Usable Security Community Profile. The Profile outlines practitioner-reported issues, actionable recommendations, and informative references drawn from both scholarly research and industry guidance. Expert reviews with four (4) practitioners were used to validate the priorities and recommendations.

The study makes contributions on three (3) levels: theoretically, by addressing a gap in usable security research and situating UX within a widely adopted cybersecurity framework; methodologically, by documenting a replicable process for developing CSF-based Community Profiles; and practically, by delivering a Profile that organizations can adapt to improve the UX of their cybersecurity tools, policies, and training programs.
