1
Usable Security
UX Review

Usable Security
It isn’t secure if people can’t use it.

Darren Kall – Midwest UX 2012

@darrenkall
#secUX
#mwux12

KALL Consulting
customer and user experience design and strategy

20-min version: 2Jun2012
@darrenkall #secux #mwux12
2
Not enough Usable Security

There are some UX people focusing on security UX

But not enough

Because we don’t see it as our problem

It is our problem

We can’t solve all the problems

We may be the only people who can help
3
InfoSec Credentials

Founded the Windows Security UX team

Founded the Windows Security Assurance team

GPM of the Windows Core Security team

GPM of the Microsoft Passport UX team

GPM of the Microsoft Passport front-end PM team

Founded the MSN-client security and privacy teams

Worked on designing the security for the AT&T phone system for the White House
4
Apology to ~900 Million people

[Slide is a word cloud of “I’m sorry.” repeated across the whole page.]
5
Bookend Talk

Spoke at an InfoSec conference 2012
    encouraged them to adopt a UX approach

Speaking to you at Midwest UX 2012
    encourage you to focus on security

Weak on the encouragement side

Scare you
6
Scary stuff first

Mobile device malware increased 1,200% in 1Q 2012

Cybercrime in 2011 had more revenue than the international illicit drug trade

US Treasury reports hundreds of billions lost per year due to security breaches
    2011 mobile app market = $8.5 B
    2016 projected mobile app market = $46 B
    2011 tablet and smartphone market = $190 B
    2015 saturation

Security incidents increasing: overall US 2011 = 77%, Federal (5 years) = 650%
    GNP growth 2012 = 2.4% - 3%
7
Why will it continue to get worse?

Increased cloud usage

Increased mobile usage

“New” web tech: HTML5, CSS3, etc.

More powerful access to data

Social, geolocation, connectedness …

Hacktivism

Government to government attacks - cyberwar

Etc.
8
Hacker Credentials

Short and sweet hacking career

Caught by US military IT security forensics team

No charges

Just wanted to know how a graduate student in New Hampshire got into a secure military network in Colorado
    Never asked me why
    Never asked about problem solving
    Did not take a UX approach
9
Current meme

“The system would be secure
if we just got rid of the people.”

    Every IT person who ever worked on security
10
In a way – they are right

The problems with people (slide is a scattered diagram of these labels):

“Imperfect” cognitive models
Limited memory
Lazy
Don’t respond quickly enough
Limited number crunching
Emotional responses
Don’t understand security
Limited ability to visualize
Fear negative outcomes
Limited decision making skill
Too busy
Not tech savvy
Limits to vigilance
Cognitive biases
Easily deceived
11
Security issues are UX design issues

Security issues are human issues

Human issues are UX design issues
12
UX Wheelhouse

UX design has the techniques and skills to solve security issues

    But there’s a catch

Systems are secure only if every aspect of the end-to-end system can be used
13
Traditional UX focus

End-users
Product and features
Trending tech/industries
Critical path – core aspects
14
To improve security

Go beyond traditional UX

Adopt “Security Thinking”
15
Go beyond end-users

Security UX is not just end-users but every human in the end-to-end system
16
Go beyond end-users

End-users
Installers
Administrators
Hackers
Trainers
Maintenance
Monitoring
Forensics
Deprecation

Product Managers
Business Analysts
System Designers
Program Managers
Project Managers
Developers
Testers
Marketing
Sales
etc.
17
Go beyond the product

Security UX is not just the product and features but every interaction with the end-to-end system
18
Go beyond the product

Product
Documentation
Customer Support
System logic
Cognitive Model
Perception
Services
Updates
Upgrades

Installation
Uninstall
Purchase
Supply chain
Relationship
Trust
Predictability
Availability
etc.
19
Go beyond trending tech

Security UX is not just trending technology or industries but every component in the end-to-end system
20
Go beyond trending tech

Trending Tech
Trending Industries
Mobile
Touch computing
Social
Social gestures
Healthcare
Big data
Green

NFC
Voice
Gestures
“Old” Tech
“Old” industries
Existing tech
etc.
21
Go beyond the critical path

Security UX is not just the critical path and core aspects but every deep detail of the end-to-end system
22
Go beyond the critical path

Critical path
Data sharing
Profile
Passwords
Management
Purchasing
Billing
Customization
Returns

Training
Vigilance
Awareness
Alerting
Adoption
Usage
Proper configuration
Errors
etc.
23
Examples from 2011

When going beyond traditional UX could have helped security
24
Comodo Certificate Authority

Problem: issued fraudulent certs

UX root cause: people are easily deceived

Result: employees were socially engineered

UX solution: improve system, process, probes, teaching, etc. so that employees can run a confidence test on applicants before issuing
25
DigiNotar

Problem: hackers had access to issue their own certs

UX root cause: people can’t perceive patterns over broad data

Result: the breach stayed outside admin awareness for an unknown duration

UX solution: pattern recognition, visualization of data
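The detection gap on this slide (a breach nobody sees because no human can scan every issuance record) is the kind of thing a baseline-and-flag script closes. The block below is an added example, not code from the talk or from DigiNotar; the log format, field names, operator accounts, subjects, the cutoff date and the business-hours window are all constructed for illustration.

```python
"""Baseline-and-flag anomaly detection over CA issuance log lines (added example)."""
from collections import Counter, defaultdict
from datetime import datetime, time

# Constructed sample log (not real CA data). One issuance per line:
# ISO timestamp, operator account, subject common name, certificate serial.
SAMPLE_LOG = """\
2011-07-01T09:12:03 ra-anna cn=www.example-bank.nl serial=1001
2011-07-01T10:45:19 ra-bart cn=mail.example.nl serial=1002
2011-07-04T11:02:44 ra-anna cn=portal.example.nl serial=1003
2011-07-05T14:30:00 ra-bart cn=www.example-bank.nl serial=1004
2011-07-10T02:17:55 admin cn=*.google.com serial=1005
2011-07-10T02:18:41 admin cn=login.yahoo.com serial=1006
"""

# Assumed working hours for the registration staff (an assumption, not a standard).
BUSINESS_START = time(8, 0)
BUSINESS_END = time(18, 0)


def parse_log(text):
    """Turn each non-blank log line into a dict with parsed timestamp and fields."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, operator, cn_field, serial_field = line.split()
        entries.append({
            "ts": datetime.fromisoformat(ts),
            "operator": operator,
            "cn": cn_field.split("=", 1)[1],
            "serial": serial_field.split("=", 1)[1],
        })
    return entries


def build_baseline(entries, cutoff):
    """Learn which operators and subjects are 'normal' from issuances before the cutoff."""
    baseline = {"operators": set(), "subjects": set()}
    for e in entries:
        if e["ts"] < cutoff:
            baseline["operators"].add(e["operator"])
            baseline["subjects"].add(e["cn"])
    return baseline


def flag_anomalies(entries, baseline, cutoff):
    """Return {serial: [reasons]} for post-cutoff issuances that break the baseline."""
    flags = defaultdict(list)
    for e in entries:
        if e["ts"] < cutoff:
            continue
        if e["operator"] not in baseline["operators"]:
            flags[e["serial"]].append("operator never issued before")
        if e["cn"] not in baseline["subjects"]:
            flags[e["serial"]].append("subject never issued before")
        if not (BUSINESS_START <= e["ts"].time() <= BUSINESS_END):
            flags[e["serial"]].append("issued outside business hours")
    return dict(flags)


def daily_counts(entries):
    """Issuances per day: the series a dashboard would plot so a spike is visible at a glance."""
    counts = Counter(e["ts"].date().isoformat() for e in entries)
    return dict(sorted(counts.items()))


def run(text=SAMPLE_LOG, cutoff=datetime(2011, 7, 6)):
    """Build the baseline from the first week of records and flag everything after it."""
    entries = parse_log(text)
    return flag_anomalies(entries, build_baseline(entries, cutoff), cutoff)


if __name__ == "__main__":
    for serial, reasons in run().items():
        print(serial, "->", "; ".join(reasons))
    print(daily_counts(parse_log(SAMPLE_LOG)))
```

A new legitimate customer will also trip the "subject never issued before" rule, so the output is a short review queue for a person, not an automatic block. That is the point: it turns a pile of records nobody reads into a list an administrator can actually look at, which is the pattern-recognition help the slide is asking for.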
26
DigiNotar

Problem: DigiNotar had no easy way to revoke certs

UX root cause: people are susceptible to impact bias (a cognitive bias of estimation), so nobody prepared a user scenario for cert revocation

Result: even after the rogue certs were identified there was no easy way to stop them

UX solution: lifecycle interaction flow design, unbiased risk evaluation
27
Sony

Problem: data breach, 77 million accounts exposed to ID theft

UX root cause: people are susceptible to confirmation bias – they see what they want

Result: did not perceive risk and made poor security choices, insufficient maintenance of patches

UX solution: processes that remove biased decision making from product usage
28
Sony

Problem: data breach, 77 million accounts exposed to ID theft

UX root cause: overconfidence in decision making, provoked the hacker community

Result: hackers accepted the invitation

UX solution: hacker persona profiling as part of IT decision making
29
H.323 Protocol

Problem: ~150,000 corporate video systems set to auto-answer, allowing spying

UX root cause: status quo bias and poor risk assessment skills

Result: the implications of the default configuration were overlooked, and systems were deployed outside secure corporate networks

UX solution: interface alerts, configuration defaults, and awareness training for implementation staff
30
Challenge

You can make a huge difference in solving the human aspects of security issues.
31
Thank You

We’re glad to help your product become more usable and more secure.

We’re hiring UX contractors and freelancers.

Security UX Daily Paper.li
   • http://is.gd/kdcf0p

Darren Kall   @darrenkall   +1 (937) 648-4966
   • darrenkall@kallconsulting.com
   • http://www.slideshare.net/DarrenKall
32
Media Credits

Man drawing: Patty Borgman
Scared woman: http://www.etftrends.com/2010/06/safe-haven-bear-etfs-lead-asset-grab-may/
Beer: http://www.bestfreeicons.com/c47-3d-icons-0.html

Más contenido relacionado

La actualidad más candente

Dont Let Data And Business Assets Slip Out The Back Door Cm101243
Dont Let Data And Business Assets Slip Out The Back Door Cm101243Dont Let Data And Business Assets Slip Out The Back Door Cm101243
Dont Let Data And Business Assets Slip Out The Back Door Cm101243Erik Ginalick
 
Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...
Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...
Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...IOSR Journals
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianClubHack
 
louise and lauren paper presentations development of guide assistive technology
louise and lauren paper presentations development of guide assistive technologylouise and lauren paper presentations development of guide assistive technology
louise and lauren paper presentations development of guide assistive technologyCOT SSNP
 
The difference between the Reality and Feeling of Security
The difference between the Reality and Feeling of SecurityThe difference between the Reality and Feeling of Security
The difference between the Reality and Feeling of SecurityAnup Narayanan
 
Performance Comparison of Digital Image Watermarking Techniques: A Survey
Performance Comparison of Digital Image Watermarking Techniques: A SurveyPerformance Comparison of Digital Image Watermarking Techniques: A Survey
Performance Comparison of Digital Image Watermarking Techniques: A SurveyEditor IJCATR
 
Graphical Password Authentication using Image Segmentation
Graphical Password Authentication using Image SegmentationGraphical Password Authentication using Image Segmentation
Graphical Password Authentication using Image SegmentationIRJET Journal
 
Towards a Smart Control Room for Crisis Response Using Visual Perception of U...
Towards a Smart Control Room for Crisis Response Using Visual Perception of U...Towards a Smart Control Room for Crisis Response Using Visual Perception of U...
Towards a Smart Control Room for Crisis Response Using Visual Perception of U...Joris IJsselmuiden
 
Van der kamp.2011.gaze and voice controlled drawing
Van der kamp.2011.gaze and voice controlled drawingVan der kamp.2011.gaze and voice controlled drawing
Van der kamp.2011.gaze and voice controlled drawingmrgazer
 
Data-centric Security: Using Information Protection and Control (IPC) Tools t...
Data-centric Security: Using Information Protection and Control (IPC) Tools t...Data-centric Security: Using Information Protection and Control (IPC) Tools t...
Data-centric Security: Using Information Protection and Control (IPC) Tools t...Chris Ross
 
Symantec 2006_Annual_Report
Symantec  2006_Annual_ReportSymantec  2006_Annual_Report
Symantec 2006_Annual_Reportfinance40
 
Raise of deep learning
Raise of deep learningRaise of deep learning
Raise of deep learningBill GU
 
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBMArrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBMArrow ECS UK
 

La actualidad más candente (18)

Dont Let Data And Business Assets Slip Out The Back Door Cm101243
Dont Let Data And Business Assets Slip Out The Back Door Cm101243Dont Let Data And Business Assets Slip Out The Back Door Cm101243
Dont Let Data And Business Assets Slip Out The Back Door Cm101243
 
Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...
Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...
Persuasive Cued Click Based Graphical Password with Scrambling For Knowledge ...
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas Kurian
 
louise and lauren paper presentations development of guide assistive technology
louise and lauren paper presentations development of guide assistive technologylouise and lauren paper presentations development of guide assistive technology
louise and lauren paper presentations development of guide assistive technology
 
The difference between the Reality and Feeling of Security
The difference between the Reality and Feeling of SecurityThe difference between the Reality and Feeling of Security
The difference between the Reality and Feeling of Security
 
Performance Comparison of Digital Image Watermarking Techniques: A Survey
Performance Comparison of Digital Image Watermarking Techniques: A SurveyPerformance Comparison of Digital Image Watermarking Techniques: A Survey
Performance Comparison of Digital Image Watermarking Techniques: A Survey
 
Graphical Password Authentication using Image Segmentation
Graphical Password Authentication using Image SegmentationGraphical Password Authentication using Image Segmentation
Graphical Password Authentication using Image Segmentation
 
Towards a Smart Control Room for Crisis Response Using Visual Perception of U...
Towards a Smart Control Room for Crisis Response Using Visual Perception of U...Towards a Smart Control Room for Crisis Response Using Visual Perception of U...
Towards a Smart Control Room for Crisis Response Using Visual Perception of U...
 
Van der kamp.2011.gaze and voice controlled drawing
Van der kamp.2011.gaze and voice controlled drawingVan der kamp.2011.gaze and voice controlled drawing
Van der kamp.2011.gaze and voice controlled drawing
 
590 599
590 599590 599
590 599
 
Cases
CasesCases
Cases
 
Data-centric Security: Using Information Protection and Control (IPC) Tools t...
Data-centric Security: Using Information Protection and Control (IPC) Tools t...Data-centric Security: Using Information Protection and Control (IPC) Tools t...
Data-centric Security: Using Information Protection and Control (IPC) Tools t...
 
Symantec 2006_Annual_Report
Symantec  2006_Annual_ReportSymantec  2006_Annual_Report
Symantec 2006_Annual_Report
 
1709 1715
1709 17151709 1715
1709 1715
 
Raise of deep learning
Raise of deep learningRaise of deep learning
Raise of deep learning
 
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBMArrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
Arrow ECS IBM Partner Jam - Security Update - Vicki Cooper - IBM
 
Security on z/OS
Security on z/OSSecurity on z/OS
Security on z/OS
 
Contenxt 100407
Contenxt 100407Contenxt 100407
Contenxt 100407
 

Destacado

Workshop: Gathering User Insight
Workshop: Gathering User InsightWorkshop: Gathering User Insight
Workshop: Gathering User InsightDarren Kall
 
(Un)usable Security
(Un)usable Security(Un)usable Security
(Un)usable SecurityStefan
 
ATUS - A Toolkit for Usable Security
ATUS - A Toolkit for Usable SecurityATUS - A Toolkit for Usable Security
ATUS - A Toolkit for Usable SecuritySven Wohlgemuth
 
Ctf online idsecconf2012 walkthrough
Ctf online idsecconf2012 walkthroughCtf online idsecconf2012 walkthrough
Ctf online idsecconf2012 walkthroughidsecconf
 
Usability and security in future voting systems
Usability and security in future voting systemsUsability and security in future voting systems
Usability and security in future voting systemsDana Chisnell
 
Lorrie Cranor - Usable Privacy & Security
Lorrie Cranor - Usable Privacy & SecurityLorrie Cranor - Usable Privacy & Security
Lorrie Cranor - Usable Privacy & SecurityAmy Lenzo
 
Screening Commercial Aviation Passengers in the Aftermath of September 11, 2001
Screening Commercial Aviation Passengers in the Aftermath of September 11, 2001Screening Commercial Aviation Passengers in the Aftermath of September 11, 2001
Screening Commercial Aviation Passengers in the Aftermath of September 11, 2001Laura Albert
 
2015 Fuzzy Vance Lecture in Mathematics at Oberlin College: Locating and disp...
2015 Fuzzy Vance Lecture in Mathematics at Oberlin College: Locating and disp...2015 Fuzzy Vance Lecture in Mathematics at Oberlin College: Locating and disp...
2015 Fuzzy Vance Lecture in Mathematics at Oberlin College: Locating and disp...Laura Albert
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hackingchakrekevin
 
Cloud Security & Real World Threats
Cloud Security & Real World ThreatsCloud Security & Real World Threats
Cloud Security & Real World ThreatsRob Witoff
 
Design in Tech Report 2017
Design in Tech Report 2017Design in Tech Report 2017
Design in Tech Report 2017John Maeda
 

Destacado (12)

Workshop: Gathering User Insight
Workshop: Gathering User InsightWorkshop: Gathering User Insight
Workshop: Gathering User Insight
 
Usable security
Usable securityUsable security
Usable security
 
(Un)usable Security
(Un)usable Security(Un)usable Security
(Un)usable Security
 
ATUS - A Toolkit for Usable Security
ATUS - A Toolkit for Usable SecurityATUS - A Toolkit for Usable Security
ATUS - A Toolkit for Usable Security
 
Ctf online idsecconf2012 walkthrough
Ctf online idsecconf2012 walkthroughCtf online idsecconf2012 walkthrough
Ctf online idsecconf2012 walkthrough
 
Usability and security in future voting systems
Usability and security in future voting systemsUsability and security in future voting systems
Usability and security in future voting systems
 
Lorrie Cranor - Usable Privacy & Security
Lorrie Cranor - Usable Privacy & SecurityLorrie Cranor - Usable Privacy & Security
Lorrie Cranor - Usable Privacy & Security
 
Screening Commercial Aviation Passengers in the Aftermath of September 11, 2001
Screening Commercial Aviation Passengers in the Aftermath of September 11, 2001Screening Commercial Aviation Passengers in the Aftermath of September 11, 2001
Screening Commercial Aviation Passengers in the Aftermath of September 11, 2001
 
2015 Fuzzy Vance Lecture in Mathematics at Oberlin College: Locating and disp...
2015 Fuzzy Vance Lecture in Mathematics at Oberlin College: Locating and disp...2015 Fuzzy Vance Lecture in Mathematics at Oberlin College: Locating and disp...
2015 Fuzzy Vance Lecture in Mathematics at Oberlin College: Locating and disp...
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Cloud Security & Real World Threats
Cloud Security & Real World ThreatsCloud Security & Real World Threats
Cloud Security & Real World Threats
 
Design in Tech Report 2017
Design in Tech Report 2017Design in Tech Report 2017
Design in Tech Report 2017
 

Similar a Usable security it isn't secure if people can't use it mwux 2 jun2012

Human Factors in Innovation: Designing for Adoption
Human Factors in Innovation: Designing for AdoptionHuman Factors in Innovation: Designing for Adoption
Human Factors in Innovation: Designing for AdoptionJim Kalbach
 
The Thing That Should Not Be
The Thing That Should Not BeThe Thing That Should Not Be
The Thing That Should Not Bemorisson
 
CRTC Cloud Security- Jeff Crume
CRTC Cloud Security- Jeff CrumeCRTC Cloud Security- Jeff Crume
CRTC Cloud Security- Jeff CrumeKrisValerio
 
Good design is a myth - by Zoltan Kollin | UXRiga 2017
Good design is a myth  - by Zoltan Kollin | UXRiga 2017Good design is a myth  - by Zoltan Kollin | UXRiga 2017
Good design is a myth - by Zoltan Kollin | UXRiga 2017UX Riga
 
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...Skybox Security
 
Trend Micro - is your cloud secure
Trend Micro - is your cloud secureTrend Micro - is your cloud secure
Trend Micro - is your cloud secureKappa Data
 
Principles of user interface design
Principles of user interface designPrinciples of user interface design
Principles of user interface designvivekvelvan
 
Interusability: designing a coherent system UX
Interusability: designing a coherent system UXInterusability: designing a coherent system UX
Interusability: designing a coherent system UXClaire Rowland
 
Pouring Cement on Mobile Devices
Pouring Cement on Mobile DevicesPouring Cement on Mobile Devices
Pouring Cement on Mobile DevicesApperian
 
Ux checklist
Ux checklistUx checklist
Ux checklistWayne Pau
 
Mob x recap for here sept 2014
Mob x recap for here sept 2014Mob x recap for here sept 2014
Mob x recap for here sept 2014Tracy Rolling
 
Usable security it isn't secure if people can't use it mwux 2 jun2012

  • 1. Usable Security (Usable Security UX Review)
    It isn’t secure if people can’t use it.
    Darren Kall – Midwest UX 2012
    @darrenkall #secUX #mwux12
    KALL Consulting: customer and user experience design and strategy
    20-min version: 2Jun2012
    @darrenkall #secux #mwux12
  • 2. Not enough
    There are some UX people focusing on security UX
    But not enough
    Because we don’t see it as our problem
    It is our problem
    We can’t solve all the problems
    We may be the only people who can help
  • 3. InfoSec Credentials
    Founded the Windows Security UX team
    Founded the Windows Security Assurance team
    GPM of the Windows Core Security team
    GPM of the Microsoft Passport UX team
    GPM of the Microsoft Passport front-end PM team
    Founded the MSN-client security and privacy teams
    Worked on designing the security for the AT&T phone system for the White House
  • 4. Apology to ~900 Million people
    I’m sorry. (repeated across the whole slide)
  • 5. Bookend Talk
    Spoke at an InfoSec conference in 2012 and encouraged them to adopt a UX approach
    Speaking to you at Midwest UX 2012 to encourage you to focus on security
    Weak on the encouragement side
    Scare you
  • 6. Scary stuff first
    Mobile device malware increased 1,200% in 1Q 2012
    Cybercrime in 2011 had more revenue than the international illicit drug trade
    US Treasury reports 100’s of billions lost per year due to security breaches
    2011 mobile app market = 8.5 B
    2016 projected mobile app market = 46 B
    2011 tablet and smartphone market = 190 B
    2015 saturation
    Security incidents increase: Overall US 2011 = 77%, Federal (5 years) = 650%
    GNP growth 2012 = 2.4% - 3%
  • 7. Why will it continue to get worse?
    Increased cloud usage
    Increased mobile usage
    “New” web tech: HTML 5, CSS3, etc.
    More powerful access to data
    Social, geolocation, connectedness …
    Hacktivism
    Government to government attacks - cyberwar
    Etc.
  • 8. Hacker Credentials
    Short and sweet hacking career
    Caught by US military IT security forensics team
    No charges
    Just wanted to know how a graduate student in New Hampshire got into a secure military network in Colorado
    Never asked me why
    Never asked about problem solving
    Did not take a UX approach
  • 9. Current meme
    “The system would be secure if we just got rid of the people.”
    – Every IT person who ever worked on security
  • 10. In a way – they are right
    The problems with people:
    Limited memory
    “Imperfect” cognitive models
    Lazy
    Don’t respond quickly enough
    Limited number crunching
    Don’t understand security
    Emotional responses
    Limited ability to visualize
    Fear negative outcomes
    Limited decision making skill
    Too busy
    Not tech savvy
    Limits to vigilance
    Cognitive biases
    Easily deceived
  • 11. Security issues are UX design issues
    Security issues are human issues
    Human issues are UX design issues
  • 12. UX Wheelhouse
    UX design has the techniques and skills to solve security issues
    But there’s a catch
    Systems are secure only if every aspect of the end-to-end system can be used
  • 13. Traditional UX focus
    End-users
    Product and features
    Trending tech/industries
    Critical path – core aspects
  • 14. To improve security
    Go beyond traditional UX
    Adopt “Security Thinking”
  • 15. Go beyond end-users
    Security UX is not just end-users but every human in the end-to-end system
  • 16. Go beyond end-users
    End-users, Installers, Administrators, Hackers, Project Managers, Developers, Testers, Marketing, Sales,
    Product Managers, Business Analysts, System Designers, Program Managers, Trainers, Maintenance, Monitoring, Forensics, Deprecation, etc.
  • 17. Go beyond the product
    Security UX is not just the product and features but every interaction with the end-to-end system
  • 18. Go beyond the product
    Product, Documentation, Customer Support, System logic, Cognitive Model, Perception, Services, Updates, Upgrades,
    Installation, Uninstall, Purchase, Supply chain, Relationship, Trust, Predictability, Availability, etc.
  • 19. Go beyond trending tech
    Security UX is not just trending technology or industries but every component in the end-to-end system
  • 20. Go beyond trending tech
    Trending Tech: Mobile, Touch computing, Social, Social gestures, NFC, Voice, Gestures
    Trending Industries: Healthcare, Big data, Green
    “Old” Tech, “Old” industries, Existing tech, etc.
  • 21. Go beyond the critical path
    Security UX is not just the critical path and core aspects but every deep detail of the end-to-end system
  • 22. Go beyond the critical path
    Critical path, Data sharing, Profile, Passwords, Management, Purchasing, Billing, Customization, Returns,
    Training, Vigilance, Awareness, Alerting, Adoption, Usage, Proper configuration, Errors, etc.
  • 23. Examples from 2011
    When going beyond traditional UX could have helped security
  • 24. Comodo Cert Auth
    Problem: issued fraudulent certs
    UX root cause: people are easily deceived
    Result: employees were socially engineered
    UX solution: improve system, process, probes, teaching, etc. to allow employees to do a confidence test of applicants
  • 25. DigiNotar
    Problem: hackers had access to issue their own certs
    UX root cause: people can’t perceive patterns over broad data
    Result: breach not in admin awareness for some unknown duration
    UX solution: pattern recognition, visualization of data
  • 26. DigiNotar
    Problem: DigiNotar had no easy way to revoke certs
    UX root cause: people are susceptible to impact bias (a cognitive bias of estimation), so no user scenario for cert revocation was prepared
    Result: even after the breach was identified there was no easy way to stop the certs
    UX solution: lifecycle interaction flow design, unbiased risk evaluation
  • 27. Sony
    Problem: data breach, 77 Million ID thefts
    UX root cause: people susceptible to confirmation bias – see what they want
    Result: did not perceive risk and made poor security choices, insufficient maintenance of patches
    UX solution: processes that remove biased decision making from product usage
  • 28. Sony
    Problem: data breach, 77 Million ID thefts
    UX root cause: overconfidence in decision making, provoked the hacker community
    Result: hackers accepted the invitation
    UX solution: hacker persona profiling as part of IT decision making
  • 29. Protocol H.323
    Problem: ~150,000 corporate video systems set to auto-answer allowing spying
    UX root cause: status quo bias and poor risk assessment skills
    Result: system default configuration implications overlooked, not deployed within secure corporate networks
    UX solution: interface alerts, configuration defaults, and awareness training for implementation staff
  • 30. Challenge
    You can make a huge difference in solving the human aspects of security issues.
  • 31. Thank You
    We’re glad to help your product become more usable and more secure.
    We’re hiring UX contractors and freelancers.
    Security UX Daily Paper.li • http://is.gd/kdcf0p
    Darren Kall @darrenkall +1 (937) 648-4966 • darrenkall@kallconsulting.com • http://www.slideshare.net/DarrenKall
  • 32. Media Credits
    Man drawing: Patty Borgman
    Scared woman: http://www.etftrends.com/2010/06/safe-haven-bear-etfs-lead-asset-grab-may/
    Beer: http://www.bestfreeicons.com/c47-3d-icons-0.html