Secure Reads: Security and Usability

Read a review of the book Security and Usability.

This article can also be found in the Premium Editorial Download: Information Security magazine: How to stop data leakage.

Security and Usability
Edited by Lorrie Faith Cranor and Simson Garfinkel
O'Reilly, 714 pages, $44.95

It has become fashionable for information security professionals to blame poorly designed user interfaces as the root cause of many security failures. But until now, little has been available outside of academic literature to support these allegations. Security and Usability could create a paradigm shift in its field. Its editors--Lorrie Faith Cranor and Simson Garfinkel, both academically trained computer scientists--have produced a text that explains one of the most important security concepts: Usability issues are inextricably linked to information system security.

Security and Usability introduces infosecurity pros to several new security fields: human-computer interaction, usability design and data privacy. As we move beyond the Stone Age of our profession, only the inflexible or indolent can choose to remain ignorant of these new ways to approach security issues. "The user is the enemy" has now become a cliché of times past.

Much of what Security and Usability teaches is far from intuitive. For example, training users to lock their computer when leaving it unattended flies in the face of what sociologists understand about the way trust relationships develop in workplaces, and implies that the user does not trust his nearby coworkers (or that he has something to hide). Both implications are negative, and, as a result, users will typically ignore these security requirements. The book comprises 34 self-contained essays, each its own chapter, which are organized into six sections: aligning usability and security, authentication, security, privacy, commercial applications, and what are deemed "The Classics." While such a collection risks becoming a disjointed hodgepodge, the editors have skillfully harmonized the chapters. The assumed level of theoretical computer science background is low, but the reader is expected to bring at least a moderate understanding of information security threats and countermeasures--not unreasonable expectations considering the audience.

Any required reading list for information security professionals should include Security and Usability. For those driven to improve the state of the art of the profession, this book is a keystone. It cannot alone provide answers to the subtle and only partially understood interplay of usability and security; however, it illuminates the issues, providing the practitioner with research references and arming the reader with the humility to contract a usability specialist when designing a security system.

--Patrick Mueller

Top Shelf
Visit SearchSecurity.com's Information Security Bookshelf for chapter downloads from these books and more.

Penetration Testing and Network Defense
By Andrew Whitaker and Daniel Newman
Cisco Press

The Chief Information Security Officer's Toolkit: Governance Guidebook
By Fred Cohen
Fred Cohen & Associates

A Business Guide to Information Security
By Alan Calder
Kogan Page

Extrusion Detection: Security Monitoring for Internal Intrusions
By Richard Bejtlich
Addison-Wesley Professional

Web Security, Privacy & Commerce, Second Edition
By Simson Garfinkel with Gene Spafford
O'Reilly

Web Feedback
Tell us what you think of our book reviews or the titles on our online bookshelf. Send your comments to feedback@infosecuritymag.com or enter your thoughts on SearchSecurity.com's Sound Off.

"If you need to learn about the principles of intrusion prevention, [Regarding Intrusion Detection] is a great tutorial."
--Emmanuel Vlastakis, Defense Information Systems Agency
For a sample chapter of Ed Amoroso's Regarding Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response, visit searchsecurity.com/bookshelf.

This was first published in January 2006
