Title :
User-centered security: stepping up to the grand challenge
Author :
Zurko, Mary Ellen
Author_Institution :
IBM Software Group, White Plains, NY
Abstract :
User-centered security has been identified as a grand challenge in information security and assurance. It is on the brink of becoming an established subdomain of both security and human/computer interface (HCI) research, and an influence on the product development lifecycle. Both security and HCI rely on the reality of interactions with users to prove the utility and validity of their work. As practitioners and researchers in those areas, we still face major issues when applying even the most foundational tools used in either of these fields across both of them. This essay discusses the systemic roadblocks at the social, technical, and pragmatic levels that user-centered security must overcome to make substantial breakthroughs. Expert evaluation and user testing are producing effective usable security today. Principles such as safe staging, enumerating usability failure risks, integrated security, transparent security and reliance on trustworthy authorities can also form the basis of improved systems.
Keywords :
security of data; user interfaces; human computer interface; information assurance; information security; integrated security; product development lifecycle; transparent security; usability failure risk; usable security; user testing; user-centered security; Application software; Collaborative software; Computer interfaces; Computer security; Human computer interaction; Information security; Product development; Protection; Psychology; Usability;
Conference_Title :
Computer Security Applications Conference, 21st Annual
Conference_Location :
Tucson, AZ
Print_ISBN :
0-7695-2461-3
DOI :
10.1109/CSAC.2005.60