The Unintended Harms of Cybersecurity.
Abstract: Well-meaning cybersecurity risk owners will deploy countermeasures (technologies or procedures) to manage risks to their services or systems. In some cases, those countermeasures will produce unintended consequences, which must then be addressed. Unintended consequences can potentially induce harm, adversely affecting user behavior, user inclusion, or the infrastructure itself.
https://www.cl.cam.ac.uk/~ytc36/Identifying_Unintended_Harms.pdf
@corlin One of the things I always stress when giving teaching lessons to our newer employees about cybersecurity is that if a security measure negatively affects the ability for authorized users to do their jobs to the point that the measure must be bypassed to accomplish any work, that measure is too restrictive.
I look forward to reading this!