This article can also be found in the Premium Editorial Download "Information Security magazine: How to stop data leakage."
Security and Usability
Edited by Lorrie Faith Cranor and Simson Garfinkel
O'Reilly, 714 pages, $44.95
Usability and Security introduces infosecurity pros to several new security fields: human-computer interaction, usability design and data privacy. As we move beyond the Stone Age of our profession, only the inflexible or indolent can choose to remain ignorant of these new ways to approach security issues. "The user is the enemy" has now become a cliché of times past.
Much of what Usability and Security teaches is far from intuitive. For example, training users to lock their computer when leaving it unattended flies in the face of what sociologists understand about the way trust relationships develop in workplaces, and implies that the user does not trust his nearby coworkers (or that he has something to hide). Both implications are negative, and, as a result, users will typically ignore these security requirements. The book comprises 34 self-contained essays, each its own chapter, which are organized into six sections: aligning usability and security, authentication, security, privacy, commercial applications, and what are deemed "The Classics." While such a collection risks becoming a disjointed hodgepodge, the editors have skillfully harmonized the chapters. The assumed level of theoretical computer science background is low, but the reader is expected to bring at least a moderate understanding of information security threats and countermeasures--not unreasonable expectations considering the audience.
Any required reading list for information security professionals should include Usability and Security. For those driven to improve the state of the art of the profession, this book is a keystone. It cannot by itself answer the subtle and only partially understood interplay of usability and security; however, it illuminates the issues, provides the practitioner with research references, and arms the reader with the humility to engage a usability specialist when designing a security system.
Visit SearchSecurity.com's Information Security Bookshelf for chapter downloads from these books and more.
Penetration Testing and Network Defense
By Andrew Whitaker and Daniel Newman
The Chief Information Security Officer's Toolkit: Governance Guidebook
By Fred Cohen
Fred Cohen & Associates
A Business Guide to Information Security
By Alan Calder
Extrusion Detection: Security Monitoring for Internal Intrusions
By Richard Bejtlich
Web Security, Privacy & Commerce, Second Edition
By Simson Garfinkel with Gene Spafford
This was first published in January 2006