Charles Frank
Complex Mechanisms
Hard to configure
Hard to implement correctly
This weakens security
Home Users
No anti-virus
No firewall
Run as administrator
No password
Wireless access point without a password, or with the vendor default password, and without encryption
Why?
Principle of Psychological Acceptability
Patching
Patches update functionality or enhance security
Patches can interfere with programs running on a system
XP SP2:
IIS and FTP clients and servers did not work correctly
Games did not work correctly
Security designers should minimize the mental workload that a system creates for users.
People who follow security policies to the letter might be considered paranoid or anal by their peers.
Psychological acceptability
User Education
Senior management sometimes exhibits bad security behavior. They are too important to be bothered with petty security policies. Organizations must integrate security into their business processes for users to care about protecting assets and exhibiting good security behavior.