74,946 research outputs found

    Usable Security: Why Do We Need It? How Do We Get It?

    Security experts frequently refer to people as “the weakest link in the chain” of system security. Famed hacker Kevin Mitnick revealed that he hardly ever cracked a password, because it “was easier to dupe people into revealing it” by employing a range of social engineering techniques. Often, such failures are attributed to users’ carelessness and ignorance. However, more enlightened researchers have pointed out that current security tools are simply too complex for many users, and they have made efforts to improve user interfaces to security tools. In this chapter, we aim to broaden the current perspective, focusing on the usability of security tools (or products) and the process of designing secure systems for the real-world context (the panorama) in which they have to operate. Here we demonstrate how current human factors knowledge and user-centered design principles can help security designers produce security solutions that are effective in practice

    Designing usable and secure software with IRIS and CAIRIS.

    Everyone expects the products and services they use to be secure, but 'building security in' at the earliest stages of a system's design also means designing for use as well. Software that is unusable to end-users and unwieldy to developers and administrators may be insecure as errors and violations may expose exploitable vulnerabilities. This book shows how practitioners and researchers can build both security and usability into the design of systems. It introduces the IRIS framework and the open source CAIRIS platform that can guide the specification of secure and usable software. It also illustrates how IRIS and CAIRIS can complement techniques from User Experience, Security Engineering and Innovation & Entrepreneurship in ways that allow security to be addressed at different stages of the software lifecycle without disruption. Real-world examples are provided of the techniques and processes illustrated in this book, making this text a resource for practitioners, researchers, educators, and students

    Reflecting on the usability of research on culture in designing interaction

    The concept of culture has been attractive to producers of interactive systems who are willing to design useful and relevant solutions to users increasingly located in culturally diverse contexts. Despite a substantial body of research on culture and technology, interaction designers have not always been able to apply these research outputs to effectively define requirements for culturally diverse users. This paper frames this issue as one of understanding of the different paradigms underpinning the cultural models being applied to interface development and research. Drawing on different social science theories, the authors discuss top-down and bottom-up perspectives in the study of users' cultural differences and discuss the extent to which each provides usable design knowledge. The case is made for combining bottom-up and top-down perspectives into a sociotechnical approach that can produce knowledge useful and usable by interaction designers. This is illustrated with a case study about the design of interactive systems for farmers in rural Kenya

    Secure webs and buying intention: the moderating role of usability

    This work proposes a conceptual model to show how the antecedents of buying intention are reinforced in the context of highly usable websites. Specifically, the work analyses in depth the moderating role of usability in explaining the connection between the security of a website and buying intention. Between the two extremes (security and buying intention), several variables have been included to better explain their connection. To this end, a fictitious clothing website aimed at the young middle-class segment was designed. To alter the usability of the website, two types of manipulation were carried out: the speed and the ease of use of the website. The two websites created (high usability and low usability) were visited by a total of 170 respondents, who were compensated with a USB drive valued at 15 euros. The results show that perceived security on the website has three interesting effects (especially for the highly usable website): (i) it improves pleasure attitudes, (ii) it reduces the level of perceived risk, and (iii) it increases trust. The latter two effects, in turn, end up increasing buying intention. Finally, it has been shown that usability does indeed reinforce the relationships considered in the proposed model for explaining buying intention.

    A conceptual model has been proposed to show how buying intention antecedents are reinforced in highly usable contexts. Specifically, this paper deeply analyses the moderator role of system variables (usability) on explaining the relationship between Web security and buying intention. Between both extremes (security and buying intention), several relationships have also been stated to better explain this effect. An “ideal” fictitious Website was designed for a non-existent clothing company directed at the segment of middle class consumers. In order to alter Web usability, two blocks of changes were made, one concerning Website speed and the other related to ease of use. Our experiment sample consisted of 170 respondents who participated in exchange for a pen-drive (USB) valued at 15 euros. The results show that improving website security has three interesting effects (especially in highly usable contexts): (i) it improves pleasure attitudes, (ii) reduces the level of perceived risk and (iii) increases trust. Secondly, it has been found that to increase buying intention, two actions must be taken: (i) to diminish perceived risk and (ii) to improve users’ pleasure attitudes towards the Website. Finally, usability has been found to have a moderating role in all the relationships considered (reinforcing them)

    Deferred Action: Theoretical model of process architecture design for emergent business processes

    E-Business modelling and ebusiness systems development assumes fixed company resources, structures, and business processes. Empirical and theoretical evidence suggests that company resources and structures are emergent rather than fixed. Planning business activity in emergent contexts requires flexible ebusiness models based on better management theories and models. This paper builds and proposes a theoretical model of ebusiness systems capable of catering for emergent factors that affect business processes. Drawing on development of theories of the ‘action and design’ class the Theory of Deferred Action is invoked as the base theory for the theoretical model. A theoretical model of flexible process architecture is presented by identifying its core components and their relationships, and then illustrated with exemplar flexible process architectures capable of responding to emergent factors. Managerial implications of the model are considered and the model’s generic applicability is discussed

    Finding and Resolving Security Misusability with Misusability Cases

    Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice-versa. One way of using scenarios to bridge security and usability involves explicitly describing how design decisions can lead to users inadvertently exploiting vulnerabilities to carry out their production tasks. This paper describes how misusability cases, scenarios that describe how design decisions may lead to usability problems subsequently leading to system misuse, address this problem. We describe the related work upon which misusability cases are based before presenting the approach, and illustrating its application using a case study example. Finally, we describe some findings from this approach that further inform the design of usable and secure systems

    Technology Culture of Mobile Maintenance Men

    Technology plays a major role in our life and the role is increasing as a result of fast technological development occurring all the time. Technology’s impact on our everyday life sets new challenges also to designers. In order to design products which are usable, we need to understand the technologies and devices we are developing, the users of our designed products, and the relationships our users have with different kinds of technologies. User-centred design (UCD) has emerged as a counterpart to traditional technology-centred product development. UCD emphasizes the role of the users in every phase of product design and development. However, it seems that the users’ relationships with technologies are underestimated and sometimes even forgotten also in UCD. The users’ current tools and technological environment are seen as just surroundings and task-related tools instead of as an important factor that affects users’ actions and opinions. This article presents a case study where mobile IT maintenance men were studied with traditional UCD methods and in addition the user research was deepened by focusing on users’ relationships with technology. The results show that UCD’s methods can miss some critical phenomena relating to users’ relationships with technology and affecting the usability and quality of the developed products. Understanding how users comprehend the technologies they use, i.e. understanding what kind of technology culture the users are a part of, enables designers to better evaluate how well the developed product will fit in the lives of its users and what sorts of changes are possibly going to happen or required to happen in order for the new product to be included in the users’ technology culture. These kinds of evaluations help the designers to design better products and the companies to better estimate business risks relating to, for example, technology acceptance.
Keywords: Technology Culture, User-Centred Design, User Research, Distributed and Mobile Work