Security and Usability: Designing Secure Systems that People Can Use
Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues—both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them.

But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users.

Still, many people believe there is an inherent tradeoff between computer security and usability. It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't. Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless.

There is increasing agreement that we need to design secure systems that people can actually use, but less agreement about how to reach this goal. Security & Usability is the first book-length work describing the current state of the art in this emerging field. Edited by security experts Dr. Lorrie Faith Cranor and Dr. Simson Garfinkel, and authored by cutting-edge security and human-computer interaction (HCI) researchers world-wide, this volume is expected to become both a classic reference and an inspiration for future research.

Security & Usability groups 34 essays into six parts:

  • Realigning Usability and Security—with careful attention to user-centered design principles, security and usability can be synergistic.
  • Authentication Mechanisms— techniques for identifying and authenticating computer users.
  • Secure Systems—how system software can deliver or destroy a secure user experience.
  • Privacy and Anonymity Systems—methods for allowing people to control the release of personal information.
  • Commercializing Usability: The Vendor Perspective—specific experiences of security and software vendors (e.g., IBM, Microsoft, Lotus, Firefox, and Zone Labs) in addressing usability.
  • The Classics—groundbreaking papers that sparked the field of security and usability.

This book is expected to start an avalanche of discussion, new ideas, and further advances in this important field.

1101818636
Security and Usability: Designing Secure Systems that People Can Use
Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues—both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them.

But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users.

Still, many people believe there is an inherent tradeoff between computer security and usability. It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't. Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless.

There is increasing agreement that we need to design secure systems that people can actually use, but less agreement about how to reach this goal. Security & Usability is the first book-length work describing the current state of the art in this emerging field. Edited by security experts Dr. Lorrie Faith Cranor and Dr. Simson Garfinkel, and authored by cutting-edge security and human-computer interaction (HCI) researchers world-wide, this volume is expected to become both a classic reference and an inspiration for future research.

Security & Usability groups 34 essays into six parts:

  • Realigning Usability and Security—with careful attention to user-centered design principles, security and usability can be synergistic.
  • Authentication Mechanisms— techniques for identifying and authenticating computer users.
  • Secure Systems—how system software can deliver or destroy a secure user experience.
  • Privacy and Anonymity Systems—methods for allowing people to control the release of personal information.
  • Commercializing Usability: The Vendor Perspective—specific experiences of security and software vendors (e.g., IBM, Microsoft, Lotus, Firefox, and Zone Labs) in addressing usability.
  • The Classics—groundbreaking papers that sparked the field of security and usability.

This book is expected to start an avalanche of discussion, new ideas, and further advances in this important field.

49.99 In Stock
Security and Usability: Designing Secure Systems that People Can Use

Security and Usability: Designing Secure Systems that People Can Use

Security and Usability: Designing Secure Systems that People Can Use
Add to Wishlist
Security and Usability: Designing Secure Systems that People Can Use

Security and Usability: Designing Secure Systems that People Can Use

Overview

Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues—both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them.

But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users.

Still, many people believe there is an inherent tradeoff between computer security and usability. It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't. Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless.

There is increasing agreement that we need to design secure systems that people can actually use, but less agreement about how to reach this goal. Security & Usability is the first book-length work describing the current state of the art in this emerging field. Edited by security experts Dr. Lorrie Faith Cranor and Dr. Simson Garfinkel, and authored by cutting-edge security and human-computer interaction (HCI) researchers world-wide, this volume is expected to become both a classic reference and an inspiration for future research.

Security & Usability groups 34 essays into six parts:

  • Realigning Usability and Security—with careful attention to user-centered design principles, security and usability can be synergistic.
  • Authentication Mechanisms— techniques for identifying and authenticating computer users.
  • Secure Systems—how system software can deliver or destroy a secure user experience.
  • Privacy and Anonymity Systems—methods for allowing people to control the release of personal information.
  • Commercializing Usability: The Vendor Perspective—specific experiences of security and software vendors (e.g., IBM, Microsoft, Lotus, Firefox, and Zone Labs) in addressing usability.
  • The Classics—groundbreaking papers that sparked the field of security and usability.

This book is expected to start an avalanche of discussion, new ideas, and further advances in this important field.

Product Details

ISBN-13: 9780596008277
Publisher: O'Reilly Media, Incorporated
Publication date: 09/01/2005
Edition description: New Edition
Pages: 738
Product dimensions: 7.00(w) x 9.19(h) x 1.31(d)

About the Author

Dr. Lorrie Faith Cranor is an Associate Research Professor in the School of Computer Science at Carnegie Mellon University. She is a faculty member in the Institute for Software Research, International and in the Engineering and Public Policy department. She is director of the CMU Usable Privacy and Security Laboratory (CUPS).

Simson Garfinkel is a journalist, entrepreneur, and international authority on computer security. Garfinkel is chief technology officer at Sandstorm Enterprises, a Boston-based firm that develops state-of-the-art computer security tools.

Table of Contents

  • Preface
  • Part I: Realigning Usability and Security
    • Chapter One: Psychological Acceptability Revisited
    • Chapter Two: Why Do We Need It? How Do We Get It?
    • Chapter Three: Design for Usability
    • Chapter Four: Usability Design and Evaluation for Privacy and Security Solutions
    • Chapter Five: Designing Systems That People Will Trust
  • Part II: Authentication Mechanisms
    • Chapter Six: Evaluating Authentication Mechanisms
    • Chapter Seven: The Memorability and Security of Passwords
    • Chapter Eight: Designing Authentication Systems with Challenge Questions
    • Chapter Nine: Graphical Passwords
    • Chapter Ten: Usable Biometrics
    • Chapter Eleven: Identifying Users from Their Typing Patterns
    • Chapter Twelve: The Usability of Security Devices
  • Part III: Secure Systems
    • Chapter Thirteen: Guidelines and Strategies for Secure Interaction Design
    • Chapter Fourteen: Fighting Phishing at the User Interface
    • Chapter Fifteen: Sanitization and Usability
    • Chapter Sixteen: Making the Impossible Easy: Usable PKI
    • Chapter Seventeen: Simple Desktop Security with Chameleon
    • Chapter Eighteen: Security Administration Tools and Practices
  • Part IV: Privacy and Anonymity Systems
    • Chapter Ninteen: Privacy Issues and Human-Computer Interaction
    • Chapter Twenty: A User-Centric Privacy Space Framework
    • Chapter Twenty One: Five Pitfalls in the Design for Privacy
    • Chapter Twenty Two: Privacy Policies and Privacy Preferences
    • Chapter Twenty Three: Privacy Analysis for the Casual User with Bugnosis
    • Chapter Twenty Four: Informed Consent by Design
    • Chapter Twenty Five: Social Approaches to End-User Privacy Management
    • Chapter Twenty Six: Anonymity Loves Company: Usability and the Network Effect
  • Part V: Commercializing Usability: The Vendor Perspective
    • Chapter Twenty Seven: ZoneAlarm: Creating Usable Security Products for Consumers
    • Chapter Twenty Eight: Firefox and the Worry-Free Web
    • Chapter Twenty Nine: Users and Trust: A Microsoft Case Study
    • Chapter Thirty: IBM Lotus Notes/Domino: Embedding Security in Collaborative Applications
    • Chapter Thirty One: Achieving Usable Security in Groove Virtual Office
  • Part VI: The Classics
    • Chapter Thirty Two: Users Are Not the Enemy
    • Chapter Thirty Three: Usability and Privacy: A Study of KaZaA P2P File Sharing
    • Chapter Thirty Four: Why Johnny Can't Encrypt
  • Colophon
From the B&N Reads Blog
Page 1 of

Related Subjects

Computers
Networking & Telecommunications
Computer Programming
Security - Computer Networks
User Interfaces
Computers
Networking & Telecommunications
Computer Programming
Security - Computer Networks
User Interfaces

Customer Reviews