Usable security: Difference between revisions
Blaze Wolf (talk | contribs) Declining submission: context - Submission provides insufficient context (AFCH 0.9.1) |
DocWatson42 (talk | contribs) m Performed minor cleanup. |
||
Line 4: | Line 4: | ||
---- |
---- |
||
{{Short description|Subfield of Computer Science and Cybersecurity}} |
{{Short description|Subfield of Computer Science and Cybersecurity}} |
||
{{Draft topics|software|technology}} |
{{Draft topics|software|technology}} |
||
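Review bot: the `{{Short description|Subfield of Computer Science and Cybersecurity}}` line is identical on both sides, so the cleanup left its title-case capitalisation in place. The lead sentence writes both field names in lower case, and "Subfield of computer science and cybersecurity" would match it.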
Line 11: | Line 10: | ||
Usable security is a subfield of [[computer science]], [[Human–computer interaction|human-computer interaction]] and [[Computer security|cybersecurity]] concerned with the usability of cybersecurity systems.<ref>{{Citation |last=Garfinkel |first=Simson |title=Introduction |date=2014 |url=https://link.springer.com/10.1007/978-3-031-02343-9_1 |work=Usable Security |pages=1–11 |place=Cham |publisher=Springer International Publishing |language=en |doi=10.1007/978-3-031-02343-9_1 |isbn=978-3-031-01215-0 |access-date=2022-12-01 |last2=Lipford |first2=Heather Richter}}</ref>. In particular, usable security focuses on ensuring that security systems are accessible and understandable to human users. This differs from the [[software engineering]] method of [[secure by design]] by placing greater focus on the human aspects of cybersecurity rather than the technical. Usable security also sits opposite the idea of [[security through obscurity]] by instead working to ensure that users are aware of the security implications of their decisions<ref>{{Citation |last=Renaud |first=Karen |title=Why Doesn’t Jane Protect Her Privacy? |date=2014 |url=http://link.springer.com/10.1007/978-3-319-08506-7_13 |work=Privacy Enhancing Technologies |volume=8555 |pages=244–262 |editor-last=De Cristofaro |editor-first=Emiliano |place=Cham |publisher=Springer International Publishing |doi=10.1007/978-3-319-08506-7_13 |isbn=978-3-319-08505-0 |access-date=2022-12-01 |last2=Volkamer |first2=Melanie |last3=Renkema-Padmos |first3=Arne |editor2-last=Murdoch |editor2-first=Steven J.}}</ref><ref>{{Cite journal |last=Yee |first=Ka-Ping |date=2004 |title=Aligning security and usability |url=https://ieeexplore.ieee.org/document/1341409/ |journal=IEEE Security & Privacy |volume=2 |issue=5 |pages=48–55 |doi=10.1109/MSP.2004.64 |issn=1558-4046}}</ref> |
Usable security is a subfield of [[computer science]], [[Human–computer interaction|human-computer interaction]] and [[Computer security|cybersecurity]] concerned with the usability of cybersecurity systems.<ref>{{Citation |last=Garfinkel |first=Simson |title=Introduction |date=2014 |url=https://link.springer.com/10.1007/978-3-031-02343-9_1 |work=Usable Security |pages=1–11 |place=Cham |publisher=Springer International Publishing |language=en |doi=10.1007/978-3-031-02343-9_1 |isbn=978-3-031-01215-0 |access-date=2022-12-01 |last2=Lipford |first2=Heather Richter}}</ref>. In particular, usable security focuses on ensuring that security systems are accessible and understandable to human users. This differs from the [[software engineering]] method of [[secure by design]] by placing greater focus on the human aspects of cybersecurity rather than the technical. Usable security also sits opposite the idea of [[security through obscurity]] by instead working to ensure that users are aware of the security implications of their decisions<ref>{{Citation |last=Renaud |first=Karen |title=Why Doesn’t Jane Protect Her Privacy? |date=2014 |url=http://link.springer.com/10.1007/978-3-319-08506-7_13 |work=Privacy Enhancing Technologies |volume=8555 |pages=244–262 |editor-last=De Cristofaro |editor-first=Emiliano |place=Cham |publisher=Springer International Publishing |doi=10.1007/978-3-319-08506-7_13 |isbn=978-3-319-08505-0 |access-date=2022-12-01 |last2=Volkamer |first2=Melanie |last3=Renkema-Padmos |first3=Arne |editor2-last=Murdoch |editor2-first=Steven J.}}</ref><ref>{{Cite journal |last=Yee |first=Ka-Ping |date=2004 |title=Aligning security and usability |url=https://ieeexplore.ieee.org/document/1341409/ |journal=IEEE Security & Privacy |volume=2 |issue=5 |pages=48–55 |doi=10.1109/MSP.2004.64 |issn=1558-4046}}</ref> |
||
== Common |
== Common goals == |
||
Much of the research in the field of usable security focuses on improving human-related aspects of cybersecurity<ref>{{Cite web |title=Security and usability: you CAN have it all! |url=https://www.ncsc.gov.uk/blog-post/security-and-usability--you-can-have-it-all- |access-date=2022-12-01 | |
Much of the research in the field of usable security focuses on improving human-related aspects of cybersecurity<ref>{{Cite web |title=Security and usability: you CAN have it all! |url=https://www.ncsc.gov.uk/blog-post/security-and-usability--you-can-have-it-all- |access-date=2022-12-01 |publisher=www.ncsc.gov.uk |language=en}}</ref>, notably: |
||
* Improving user understanding of good security practices |
* Improving user understanding of good security practices |
||
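Review bot: the lead paragraph carried as context in this hunk still reads `systems.<ref>…</ref>. In particular`, so a stray full stop follows the first reference, and its last sentence ends on the two closing references with no full stop at all; a cleanup pass should put the punctuation once, before the refs. On the new side the NCSC citation carries `publisher=www.ncsc.gov.uk`, a hostname where the publishing organisation's name belongs; `website=` fits that value better.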
Line 18: | Line 17: | ||
* Strengthening organisational resilience to security threats stemming from user behaviour |
* Strengthening organisational resilience to security threats stemming from user behaviour |
||
== Scientific |
== Scientific conferences == |
||
* EuroUSEC: European Symposium on Usable Security |
* EuroUSEC: European Symposium on Usable Security |
||
* HAS: International Conference on Human Aspects of Information Security, Privacy, and Trust |
* HAS: International Conference on Human Aspects of Information Security, Privacy, and Trust |
||
Line 28: | Line 26: | ||
== See also == |
== See also == |
||
⚫ | |||
* [[Information design]] |
* [[Information design]] |
||
* [[Information architecture]] |
* [[Information architecture]] |
||
Line 36: | Line 32: | ||
* [[Security through obscurity]] |
* [[Security through obscurity]] |
||
* [[Software Security Assurance]] |
* [[Software Security Assurance]] |
||
⚫ | |||
== References == |
== References == |
Revision as of 02:38, 7 December 2022
This article, Usable security, has recently been created via the Articles for creation process. Please check to see if the reviewer has accidentally left this template after accepting the draft and take appropriate action as necessary.
- Comment: I'd suggest removing the "common goals" section as that's not very encyclopedic. ― Blaze Wolf (Talk, Blaze Wolf#6545) 15:57, 5 December 2022 (UTC)
Usable security is a subfield of computer science, human-computer interaction and cybersecurity concerned with the usability of cybersecurity systems.[1] In particular, usable security focuses on ensuring that security systems are accessible and understandable to human users. It differs from the software engineering method of secure by design by placing greater focus on the human aspects of cybersecurity than on the technical ones. Usable security also stands in contrast to the idea of security through obscurity: it works to ensure that users are aware of the security implications of their decisions.[2][3]
Common goals
Much of the research in the field of usable security focuses on improving human-related aspects of cybersecurity[4], notably:
- Improving user understanding of good security practices
- Minimising the friction of implementing security practices in user workflows
- Strengthening organisational resilience to security threats stemming from user behaviour
Scientific conferences
- EuroUSEC: European Symposium on Usable Security
- HAS: International Conference on Human Aspects of Information Security, Privacy, and Trust
- IFIP World Conference on Information Security Education
- STAST: International Workshop on Socio-Technical Aspects in Security
- TrustBus: International Conference on Trust and Privacy in Digital Business
- USEC: Usable Security and Privacy Symposium
See also
- Information design
- Information architecture
- Secure by default
- Secure by design
- Security through obscurity
- Software Security Assurance
- User experience design
References
- [1] Garfinkel, Simson; Lipford, Heather Richter (2014), "Introduction", Usable Security, Cham: Springer International Publishing, pp. 1–11, doi:10.1007/978-3-031-02343-9_1, ISBN 978-3-031-01215-0, retrieved 2022-12-01
- [2] Renaud, Karen; Volkamer, Melanie; Renkema-Padmos, Arne (2014), De Cristofaro, Emiliano; Murdoch, Steven J. (eds.), "Why Doesn't Jane Protect Her Privacy?", Privacy Enhancing Technologies, vol. 8555, Cham: Springer International Publishing, pp. 244–262, doi:10.1007/978-3-319-08506-7_13, ISBN 978-3-319-08505-0, retrieved 2022-12-01
- [3] Yee, Ka-Ping (2004). "Aligning security and usability". IEEE Security & Privacy. 2 (5): 48–55. doi:10.1109/MSP.2004.64. ISSN 1558-4046.
- [4] "Security and usability: you CAN have it all!". www.ncsc.gov.uk. Retrieved 2022-12-01.