10/07/2015 at 11:19 #864
I came across an interesting read titled: Transforming the ‘weakest link’ — a human/computer interaction approach to usable and effective security.
It’s a paper by Angela Sasse and her team at UCL. More about her here > (http://sec.cs.ucl.ac.uk/people/m_angela_sasse/)
It’s a 10-page .pdf doc and you can find it here:
16/08/2016 at 11:45 #1355
Of course usability is important in security, as Angela Sasse rightly argues. But it isn’t enough. Security systems need to change people’s behaviour and they can only do this if they combine knowledge, constant awareness, systems that don’t get in the way of doing your day job (usable systems) and the right motivation. Motivation is key: systems need to be useful to people and more importantly desirable to use. In other words people who build security systems need to focus on the emotional – what people want, as well as the rational – what people need.
It is easy to set the rules and educate people about them. And it is relatively easy to ensure that systems are usable – although there is likely to be a compromise between usability and efficiency that needs to be addressed through an understanding of risk appetite. But there is still a need to address awareness (not at all the same as education/knowledge) and motivation. These are complex issues better perhaps handled by marketers than by IT professionals. But without effective awareness and motivational campaigns, security systems, no matter how usable and no matter how well explained, will fail.