User-Centered Security Engineering
نویسنده
چکیده
Current approaches to security engineering mainly focus on attacker models, secure mechanisms, and code testing to ensure a high level security standard. However, these approaches do not sufficiently emphasize the usability of the system and the risk arises that the implemented mechanisms create overheads for users or require unworkable user behaviour. In addition, end users will not use security products they cannot understand or which are difficult to apply. Therefore, we propose the new concept of integrated user-centered security engineering to bridge the gap between security and usability. This method has been pursued for the development and implementation of the security tool “Identity Manager”.
منابع مشابه
Formative User-Centered Evaluation of Security Modeling: Results from a Case Study
Developing a security modeling language is a complex activity. Particularly, it becomes very challenging for Security Requirements Engineering (SRE) languages where social/organizational concepts are used to represent high-level business aspects, while security aspects are typically expressed in a technical jargon at a lower level of abstraction. In order to reduce this socio-technical mismatch...
متن کاملSecurity through Usability: a user-centered approach for balanced security policy requirements
Security policy authors face a dilemma. On one hand, policies need to respond to a constantly evolving, well reported threat landscape, the consequences of which have heightened the security awareness of senior managers. On the other hand, the impact of policies extend beyond constraints on desktop computers and laptops; an overly constrained policy may compromise operations or stifle the freed...
متن کاملUsable Security Why Do We Need It ? How Do We Get It ?
ECURITY EXPERTS FREQUENTLY REFER TO PEOPLE AS “THE WEAKEST LINK IN THE CHAIN” OF SYSTEM SECURITY. Famed hacker Kevin Mitnick revealed that he hardly ever cracked a password, because it “was easier to dupe people into revealing it” by employing a range of social engineering techniques. Often, such failures are attributed to users’ carelessness and ignorance. However, more enlightened researchers...
متن کاملA Study on Application of user Centered Design For Inteior Design of Travel Bus
This study tries to redesign the interior design of inter-city bus in order to fulfill needs of Iranian User. The goal of this study is practically investigate how user centered design can be applied considering cultural needs of Iranian user. By defining common needs between cultural and physical aspects of Iranian user, the main focus was on improving the sitting condition of the traveler wit...
متن کاملWhy Do We Need It ? How Do We Get It ?
ECURITY EXPERTS FREQUENTLY REFER TO PEOPLE AS “THE WEAKEST LINK IN THE CHAIN” OF SYSTEM SECURITY. Famed hacker Kevin Mitnick revealed that he hardly ever cracked a password, because it “was easier to dupe people into revealing it” by employing a range of social engineering techniques. Often, such failures are attributed to users’ carelessness and ignorance. However, more enlightened researchers...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2001