Security Culture

The ideas, customs, and social behavior of a particular people or society
that allows them to be free from danger or threats.

Transforming the ‘weakest link’

Posts Forums General Discussions Transforming the ‘weakest link’

This topic contains 1 reply, has 2 voices, and was last updated by  jeremy 2 years, 1 month ago.

  • Author
    Posts
  • #864

    Mo Amin
    Participant

    I came across an interesting read titled: Transforming the ‘weakest link’ — a human/computer
    interaction approach to usable and effective security.

    It’s a paper by Angela Sasse and her team at UCL. More about her here > (http://sec.cs.ucl.ac.uk/people/m_angela_sasse/)

    It’s a 10 page .pdf doc and you can find it here:

    http://hornbeam.cs.ucl.ac.uk/hcs/publications/Sasse%2BBrostoff%2BWeirich_A%20human-computer%20interaction%20approach%20to%20usable%20and%20effective%20security_BTTJ2001.pdf

    Mo.

  • #1355

    jeremy
    Participant

    Of course usability is important in security, as Angela Sasse rightly argues. But it isn’t enough. Security systems need to change people’s behaviour and they can only do this if they combine knowledge, constant awareness, systems that don’t get in the way of doing your day job (usable systems) and the right motivation. Motivation is key: systems need to be useful to people and more importantly desirable to use. In other words people who build security systems need to focus on the emotional – what people want, as well as the rational – what people need.

    It is easy to set the rules and educate people about them. And it is relatively easy to ensure that systems are usable – although there is likely to be a compromise between usability and efficiency that needs to be addressed through an understanding of risk appetite. But there is still a need to address awareness (not at all the same as education/knowledge) and motivation. These are complex issues better perhaps handled by marketers than by IT professionals. But without effective awareness and motivational campaigns, security systems no matter how usable and no matter how well explained, will fail.

You must be logged in to reply to this topic.