THE MAGAZINE

Security and Usability: Designing Secure Systems That People Can Use

By Mayer Nudell, CSC

***** Security and Usability: Designing Secure Systems That People Can Use. Edited by Lorrie Faith and Simson Garfinkel; published by O’Reilly Media, www.oreilly.com (Web); 715 pages; $44.95.

Those of us only slightly computer literate have to cope with the onslaught of threats to our information assets and with the baffling advice on how to protect those assets. Ignoring the problem won’t help. Security and Usability is an extremely helpful resource in this regard.

Edited by academics at Carnegie Mellon and Harvard, the book tests the conventional wisdom regarding computer/information security and its tradeoffs in terms of user-friendliness: they contend that security at the expense of usability is worthless. That idea seems straightforward enough, but just look at some of the labyrinthine security procedures being extolled these days and their impact on average users. The editors have assembled a highly qualified group of experts to examine these issues in a way that is intelligible to the normal computer user.

The six major parts of the book all have their enlightening moments, whether discussing authentication mechanisms or privacy and anonymity. Throughout, conventional wisdom is challenged in refreshing ways. For example, one writer asserts that the “assumption that biometrics is inherently a usable form of security is flawed,” pointing out that factors such as environment of use and diversity of the user base have prevented wide-scale deployment of biometrics at automated teller machines.

Security and Usability is highly readable, intelligible, and intelligent. Security and IT professionals will find it to be a helpful resource and an effective reminder of how user impact needs to be factored into computer security decisions, procedures, and systems.


Reviewer: Mayer Nudell, CSC (Certified Security and Safety Consultant), runs Specialized Consulting Services in North Hollywood, California. He is a member of ASIS International.
