Security and Usability

eBook Information

Security and Usability ISBN  0596008279 Release Date  25 August 2005 Category  Computer Security Tags  usability,   security,   ims,   security and usability,   "security and usability",   "usability",   garfinkel,   0596008279,   computer security,   usability testing,   usability engineering,   network security,   website usability,   database security,   security management,   ims client,   This book @Amazon  View Tools Google Search Web flazx.com

Description Security and Usability; pick one at the expense of the other is the story we've all heard time and again. More secure systems are harder to use; for example longer secure passwords are harder to remember than shorter, more easily guessed ones. In the real world it has been recently noticed that when security "gets in the way"; it is often circumvented by the users. For example, systems that "upgrade security" by requiring lengthy passwords often result in sticky notes appearing as people begin to write their passwords down. The book explores a number of topics from the perspective that improved usability can enhance the real world security of a system. The chapters are written by different authors and grouped around related topics. It's hard to pull off these kinds of books well, but I believe this one succeeds. I put the chapters into three categories; talking points, patterns I can use, and presentations. Talking point chapters help me explain to others how improving usability can improve security; examples include "Usable Security" and "Design for Usability". Patterns I can use chapters present a framework for evaluating different approaches to common security problems; such as evaluating authentication mechanisms. Presentation chapters discuss a particular topic presenting pros and cons, such as "Identifying Users from Their Type Patterns" or "Informed Consent by Design". I enjoyed reading this book. If you're considering buying or designing a secure system I recommend checking it out. Other books on Computer Security Applied Security Visualization Ethical Hacking Intrusion Detection Systems (Advances in Information Security) VizSEC 2007: Proceedings of the Workshop on Visualization for Computer Security (Mathematics and Visualization) Crimeware: Understanding New Attacks and Defenses (Symantec Press) Insider Attack and Cyber Security: Beyond the Hacker (Advances in Information Security) Computer Security, Privacy and Politics: Current Issues, Challenges and Solutions Secure Computer and Network Systems: Modeling, Analysis and Design No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing Netcat Power Tools Secrets Stolen, Fortunes Lost: Preventing Intellectual Property Theft and Economic Espionage in the 21st Century Hacking: The Art of Exploitation, 2nd Edition Smart Cards, Tokens, Security and Applications Digital Privacy: Theory, Technologies, and Practices Gray Hat Hacking, Second Edition