Security Products
HUMAN-CENTRED SECURITY
Bottom Line
Security software is usable if the people who are expected to use it:
1. Are reliably made aware of the security tasks they need to perform
2. Are able to figure out how to successfully perform those tasks
3. Don't make dangerous errors
4. Are sufficiently comfortable with the interface to continue using it
A. Virus Protection Software
B. Spyware Protection
C. Securing Home Network
D. Sharing legal, but indecent images.
E. Configure social networking account
F. Authenticating themselves on systems
G. Encrypting their data
H. Sharing information with physical strangers
I. Backing up data / data on the cloud
J. Adding PINs to things like phones & voicemail
K. Spotting phishing Messages
L. Software updates
What do End-Users need to use?
• Teams consider an area.
– Produce an overview of the area
– Answer the four points
– Produce presentation
– Upload to Moodle
– Break
– Present
– Consider common themes
Activity
1. Auburn
2. Avocado
3. Azure
4. Burgundy
5. Denim
6. Lime
7. Mint
8. Periwinkle
9. Pistachio
10. Raspberry
11. Ruby
12. Sapphire
Virus Protection Software
• 25 percent of the users admitted to turning off their anti-virus protection because they thought those programs were slowing down their computers
Virus Protection Software
Spyware Protection Software
Spyware Protection
Home Network Configuration
WiFi Configuration
Sharing legal, but indecent images.
http://www.telegraph.co.uk/women/womens-health/10985660/Sexting-scare-6-sexting-myths-busted.html
• “The law doesn’t distinguish between an indecent image of you and an indecent image of someone else.”
• “It’s an offence to send grossly offensive communications to someone else. It’s conceivable that [a naked sext] could offend. If you send someone a picture of a penis, that might be taken offensively.”
• “When you create a photo, as the creator you automatically become the owner of the copyright. Anyone who’s taking a risqué picture and sending it to their partner, they’ll own the copyright.”
Sharing indecent images
Configuring Social Networking Service
https://www.theguardian.com/technology/2016/jun/29/facebook-privacy-secret-profile-exposed
Authentication
Authenticating
• People are poor at password management
• One time passwords can be easy to use (if you can see properly)
Password Management
Encrypting
Encrypting Hard Drives
It's smart to encrypt USB memory devices, but it's stupid to attach the encryption key to the device. Health bosses today admitted the memory stick was encrypted, but the password had been attached to the device when it went missing. I'm sure they were so proud that they chose a secure encryption algorithm.
Stupid Security Tricks: Key Management
Sharing information with physical strangers
https://www.theguardian.com/uk/2011/apr/08/cyberstalking-study-victims-men
Backups
Backing Up
http://www.pcadvisor.co.uk/news/laptop/3286081/46-of-brits-dont-back-up-their-mobile-or-laptop/
Using the Cloud
Mobile Devices
http://www.bitdefender.com/security/users-confused-about-smartphone-security.html
Protecting Smart Phones
Voicemail PINs
Protecting Voicemail
Falling for Phishing
http://www.zdnet.com/blog/security/survey-millions-of-users-open-spam-emails-click-on-links/5889
SPAM
Software Updates
https://www.computerworld.com/article/2504261/enterprise-applications/quarter-of-users-see-no-benefit-in-updating-software.html
Encrypting Email
• I don’t ever send email that is digitally-signed because I don’t know how (44.8%)
• I’m sorry, but I don’t understand what you mean by “digitally-signed.” (24.1%)
• I would like to manually control how each email message is saved (sealed, unsealed, or unsealed and re-encrypted.) – 50%
Encrypting Email Survey
http://simson.net/ref/2004/smime-survey.html
Encrypting Email
Understanding Security
• 12255 laptops lost per week at US airports
• 19% whole disk encryption
• 19% file encryption
• 45% password login
• People don't use encryption because it is hard to use
Insecure Behaviour
Behaving Securely
Common Wisdom
Security software is usable if the people who are expected to use it:
1. Are reliably made aware of the security tasks they need to perform
2. Are able to figure out how to successfully perform those tasks
3. Don't make dangerous errors
4. Are sufficiently comfortable with the interface to continue using it
Common Wisdom
Security software needs to be usable if
the people who are expected to use it
People also need to see the need to use it
They need the time and wherewithal
(support) to use it
Just making it usable won’t work!
UNSEEN EXAMPLE
Example
COMMON THEMES AND CHALLENGES
Challenges
• People are often perceived as the weakest link in the security process.
• We often think of users as lazy, stupid, or that they do not care.
• It is assumed that simply because someone is able to perform a task, they are motivated to do so.
• Many users will weigh up the costs and benefits of the security task.
• Users look for benefits in their everyday lives – authentication is always a secondary task.
• In larger groups / organisations / circles, trust is an important component, but in many organisations we may perceive individuals as untrustworthy components.
• Research indicates that good people sometimes do not comply with the rules of policies.