Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Human Element in Security

Published byGabrielle Malo Modified over 5 years ago

Similar presentations

Presentation on theme: "The Human Element in Security"— Presentation transcript:

1 The Human Element in Security
M. Angela Sasse Professor of Human-Centred Technology Head of Information Security Research Department of Computer Science University College London, UK

2 PAS

3 How it all began … Study on escalating cost of password resets at BT
Users faced with workload too high Leads them to shortcut security mechanisms Users don’t understand threats and risks Consequence: war between users and security department Adams & Sasse CACM 1999

4 What is the problem? People make mistakes People are asked too much

5 Allendoerfer & Pai (2005): Human Factors Considerations for Passwords and Other User Identification Techniques. US DOT/FAA/CT- 05/20

6 Usability and security
... are not “opponents” People won’t comply when they have to make too much effort – ‘compliance threshold’ People will bypass security that is too time-consuming, or difficult to figure out People will stay away from services with onerous security

7

8 What is a payment card for?
angela Chip & PIN example from Trustguide research so there are two issues here 1- unintentionally bad design by not designing for primary task completion, and 

9 Security that supports user goals
angela whereas he we have an approach that acknowledges that From a usability point of view, these are badly designed secondary tasks, and such bad design will always  1) annoy users  2) reduce their performance 3) increase cost of operating the solution overall - which counteracts economic benefits for both parties Think about your security measures in the same way Another example we could use is anti-phishing tools: passive security indicators like Spoofstick, and the training approach taken by Phishguru, require uses to check every website they go to - this is a disruptive, time-consuming and error-prone task.  A better designed solution is a tool that online interferes - pops up a visible warning:  if something is (likely to be) wrong - e.g. the SOLID anti-phishing tool, or the Camp's Trust Orb

Download ppt "The Human Element in Security"

Similar presentations

Making Security Work M. Angela Sasse Dept of Computer Science University College London

Making Security Work M. Angela Sasse Dept of Computer Science University College London
Lecture 3 Value Proposition Tool. Value Proposition Tool Value Proposition Customer Segment Pain Relievers Gain Creators Products and Services Gains Jobs.

Lecture 3 Value Proposition Tool. Value Proposition Tool Value Proposition Customer Segment Pain Relievers Gain Creators Products and Services Gains Jobs.
Lessons Learned Data and Asset Security FOCUS Spring 2006 Chuck Banner UVA-Wise.

Lessons Learned Data and Asset Security FOCUS Spring 2006 Chuck Banner UVA-Wise.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Cyber check Do you work safely and responsibly online? Do you know about the risks to your cyber security? What are your online responsibilities ? How.

Cyber check Do you work safely and responsibly online? Do you know about the risks to your cyber security? What are your online responsibilities ? How.
Effective Communication of Cyber Security Risks: Addressing the Human Element in Security Jason R.C. Nurse (PhD, MSc, BSc) Cyber Security Centre, Department.

Effective Communication of Cyber Security Risks: Addressing the Human Element in Security Jason R.C. Nurse (PhD, MSc, BSc) Cyber Security Centre, Department.
Can Data Stored on an SSD Be Secured? Computerworld (02/28/11) Lucas Mearian By: James Sutherland.

Can Data Stored on an SSD Be Secured? Computerworld (02/28/11) Lucas Mearian By: James Sutherland.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (http://cups.cs.cmu.edu/course-guide/)

Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (
Lecture 1 Page 1 CS 236, Spring 2008 What Are Our Security Goals? Confidentiality –If it’s supposed to be a secret, be careful who hears it Integrity –Don’t.

Lecture 1 Page 1 CS 236, Spring 2008 What Are Our Security Goals? Confidentiality –If it’s supposed to be a secret, be careful who hears it Integrity –Don’t.
Cloud Computing ity-notre-dame-logo.jpg Matthew Cunningham Selina Sambar Maria Skorcz.

Cloud Computing ity-notre-dame-logo.jpg Matthew Cunningham Selina Sambar Maria Skorcz.
An Introduction to Content Management. By the end of the session you will be able to... Explain what a content management system is Apply the principles.

An Introduction to Content Management. By the end of the session you will be able to... Explain what a content management system is Apply the principles.
Viruses & Security Threats Unit 1 – Understanding Computer Systems JMW 2012.

Viruses & Security Threats Unit 1 – Understanding Computer Systems JMW 2012.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Reliability & Desirability of Data

Reliability & Desirability of Data
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Thomas Jenkins.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Thomas Jenkins.
References  Cranor & Garfinkel, Security and Usability, O’Reilly  Sasse & Flechais, “Usable Security: Why Do We Need It? How Do We Get It?”  McCracken.

References  Cranor & Garfinkel, Security and Usability, O’Reilly  Sasse & Flechais, “Usable Security: Why Do We Need It? How Do We Get It?”  McCracken.
Security & Usability Charles Frank. Convenience is the Antithesis to Security  Computer systems must employ mechanisms that are difficult to use!

Security & Usability Charles Frank. Convenience is the Antithesis to Security  Computer systems must employ mechanisms that are difficult to use!
Session 1.  Websites  Mobile Websites  WordPress Security  Reputation Marketing  Coming Soon ◦ Contractor Software ◦ Facebook Pages ◦ Mobile Apps.

Session 1.  Websites  Mobile Websites  WordPress Security  Reputation Marketing  Coming Soon ◦ Contractor Software ◦ Facebook Pages ◦ Mobile Apps.
Dr. Andrew P. Ciganek WebsiteNightmares. Why Examine User Interface? Developers often lack user interface expertise –Many “mistakes” are quite common.

Dr. Andrew P. Ciganek WebsiteNightmares. Why Examine User Interface? Developers often lack user interface expertise –Many “mistakes” are quite common.

Similar presentations

Ads by Google