CYBER SECURITY TECHNOLOGY USABILITY AND MANAGEMENT
DIANA K. SMETTERS
PARC, Palo Alto, California
1 INTRODUCTION
Why does usability matter? Particularly when placed in the context of security, it sounds nice but is not necessary—after all, who would place their systems or data in jeopardy just for a little convenience? In practice, the answer to this question is anyone for whom maintaining system security is not the primary job, or in other words, almost everyone. People use computers to accomplish particular tasks, and anything ancillary to those tasks, and particularly anything that gets in the way of their accomplishment will be worked around, disabled, or avoided [1]. The net result of an unusable security measure is likely to be a system less secure than the one that started out as more insecure in the beginning. Luckily, recent work at the intersection of computer security and human—computer interaction (HCI) has begun to demonstrate that the “human element” is a critical component of security, and that it is possible, with care, to build systems that are both usable and secure.
2 USABILITY AND SECURITY: CURRENT RESEARCH
In their seminal 1974 paper, Salzer and Schroeder listed eight principles for the design of secure systems. The last was “psychological acceptability”—usability, which they saw as critical if mechanisms designed according to the other seven principles were to be applied correctly [2]. After 25 years of relative quiet, there has been an explosion of interest ...
Get Wiley Handbook of Science and Technology for Homeland Security, 4 Volume Set now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.