What is Usable Security?
Design systems that make it easy for humans to keep them secure, looking at users’ needs
- What people are trying to do
- What else they need to do
How do we make Security Usable?
What are the 3 things in Usable Security?
Focus on one and you have to compromise on the other two
- Security
- Usability
- Functionality
What are the 3 main principles when looking at UX vs Security?
What is meant by Malicious Insiders?
People who intentionally attack or damage a system
- Disgruntled employees
- Employees seeking material gain
What is meant by Accidental Insiders?
People who unintentionally cause harm
- Unmotivated employees
- Ignorant employees
- Genuine accident
What is meant by User Behaviour?
Users may try to comply with security policies but fail, which may still lead to insecure behaviours