Security Policy Audits: Why and How

Arvind Narayanan, Kevin Lee, Jens Grossklags, Heather Richter Lipford, Jessica Staddon

Research output: Contribution to journalArticlepeer-review

3 Scopus citations


We describe a series of security policy audits that we conducted, exposing policy flaws affecting billions of users that are often exploited by even low-tech attackers. We argue that a systematic study of security policies and processes is sorely needed, and present a research agenda.

Original languageEnglish (US)
Pages (from-to)77-81
Number of pages5
JournalIEEE Security and Privacy
Issue number2
StatePublished - Mar 1 2023

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Electrical and Electronic Engineering
  • Law


Dive into the research topics of 'Security Policy Audits: Why and How'. Together they form a unique fingerprint.

Cite this