Security Products
HUMAN-CENTRED SECURITY
Bottom Line
Security software is usable if the people who are expected to use it:
1. Are reliably made aware of the security tasks they need to perform
2. Are able to figure out how to successfully perform those tasks
3. Don't make dangerous errors
4. Are sufficiently comfortable with the interface to continue using it
A. Virus Protection Software
B. Spyware Protection
C. Securing Home Network
D. Sharing legal, but indecent images.
E. Configure social networking account
F. Authenticating themselves on systems
G. Encrypting their data
H. Sharing information with physical strangers
I. Backing up data / data on the cloud
J. Adding PINs to things like phones & voicemail
K. Spotting phishing messages
L. Software updates
What do End-Users need to use?
Teams consider an area.
Produce an overview of the area
Answer the four points
Produce presentation
Upload to Moodle
Break
Present
Consider common themes
Activity
1. Auburn
2. Avocado
3. Azure
4. Burgundy
5. Denim
6. Lime
7. Mint
8. Periwinkle
9. Pistachio
10. Raspberry
11. Ruby
12. Sapphire
Virus Protection Software
25 percent of the users admitted to turning off their anti-virus protection because they thought those programs were slowing down their computers
Virus Protection Software
Spyware Protection Software
Spyware Protection
Home Network Configuration
WiFi Configuration
Sharing legal, but indecent images.
http://www.telegraph.co.uk/women/womens-health/10985660/Sexting-scare-6-sexting-myths-busted.html
The law doesn't distinguish between an indecent image of you and an indecent image of someone else.
It's an offence to send grossly offensive communications to someone else. It's conceivable that [a naked sext] could offend. If you send someone a picture of a penis, that might be taken offensively.
When you create a photo, as the creator you automatically become the owner of the copyright. Anyone who's taking a risqué picture and sending it to their partner, they'll own the copyright.
Sharing indecent images
Configuring Social Networking Service
https://www.theguardian.com/technology/2016/jun/29/facebook-privacy-secret-profile-exposed
Authentication
Authenticating
People are poor at password management
One time passwords can be easy to use (if you can see properly)
Password Management
Encrypting
Encrypting Hard Drives
It's smart to encrypt USB memory devices, but it's stupid to attach the encryption key to the device. Health bosses today admitted the memory stick was encrypted, but the password had been attached to the device when it went missing. I'm sure they were so proud that they chose a secure encryption algorithm.
Stupid Security Tricks: Key Management
Sharing information with physical strangers
https://www.theguardian.com/uk/2011/apr/08/cyberstalking-study-victims-men
Backups
Backing Up
http://www.pcadvisor.co.uk/news/laptop/3286081/46-of-brits-dont-back-up-their-mobile-or-laptop/
Using the Cloud
Mobile Devices
http://www.bitdefender.com/security/users-confused-about-smartphone-security.html
Protecting Smart Phones
Voicemail PINs
Protecting Voicemail
Falling for Phishing
http://www.zdnet.com/blog/security/survey-millions-of-users-open-spam-emails-click-on-links/5889
SPAM
Software Updates
https://www.computerworld.com/article/2504261/enterprise-applications/quarter-of-users-see-no-benefit-in-updating-software.html
Encrypting Email
I don't ever send email that is digitally-signed because I don't know how (44.8%)
I'm sorry, but I don't understand what you mean by digitally-signed. (24.1%)
I would like to manually control how each email message is saved (sealed, unsealed, or unsealed and re-encrypted.) 50%
Encrypting Email Survey
http://simson.net/ref/2004/smime-survey.html
Encrypting Email
Understanding Security
12255 laptops lost per week at US airports
19% whole disk encryption
19% file encryption
45% password login
People don't use encryption because it is hard to use
Insecure Behaviour
Behaving Securely
Common Wisdom
Security software is usable if the people
who are expected to use it:
1. Are reliably made aware of the security tasks they need to perform
2. Are able to figure out how to successfully perform those tasks
3. Don't make dangerous errors
4. Are sufficiently comfortable with the interface to continue using it
Common Wisdom
Security software needs to be usable if
the people who are expected to use it
People also need to see the need to use it
They need the time and wherewithal
(support) to use it
Just making it usable won't work!
UNSEEN EXAMPLE
Example
COMMON THEMES AND
CHALLENGES
Challenges
People are often perceived as the weakest link in the security process.
We often think of users as lazy, stupid or that they do not care.
There is an assumption that simply because someone is able to perform a task, they are motivated to do so.
Many users will weigh up the costs and benefits of the security task.
Users look for benefits in their everyday lives; authentication is always a secondary task.
In larger groups / organisations / circles trust is an important component, but in many organisations we may perceive individuals as untrustworthy components.
Research indicates that good people sometimes do not comply with the rules of policies.