Security and Usability

By Lorrie Faith Cranor and Simson Garfinkel (eds)

It is a truth universally acknowledged that most security products lack usability. In fact, as Lorrie Faith Cranor, an Associate Research Professor at Carnegie Mellon (formerly at AT&T Research), and Simson Garfinkel, author of a number of books on security, say here, security that is unusable isn't security at all. But does a product that's usable necessarily have to be insecure?

This book, subtitled Designing Secure Systems That People Can Use, is a collection of papers studying the question of how to build good -- that is, usable -- security, completely rejecting the traditional notion that you must trade one off against the other. Unlike most collections focusing on research, this book is strongly practical. Take passwords, for example -- the subject here of a chapter by well-known Cambridge security researcher Ross Anderson and others. Most of the rules for generating 'good' passwords violate known principles of human psychology, which comes as no surprise to anyone who's written down their randomly generated, utterly unmemorable password. Anderson and colleagues did a study to test the truth of password myths. Are mnemonic passwords actually easier or harder to remember than randomly generated ones or passphrases? How much guidance should people be given in choosing passwords? Like the other papers here, the research leads to practical recommendations.

The result is a wealth of useful information on a wide range of security topics: evaluating authentication mechanisms, designing challenge questions, the use of new technologies such as biometrics. A second section considers how to guard privacy and anonymity; Cranor's own contribution here focuses on her work on the Platform for Privacy Preferences (P3P), which is, unknown to many users, built into browsers such as Internet Explorer. The third section focuses on commercial implementations and the vendor perspective, with insider contributions covering such products as Firefox, Zone Alarm, Lotus Notes/Domino and Groove Virtual Office. A final contribution in this section is a discussion of Microsoft's user research.

The fourth and final section, 'The Classics', offers usability guidelines, more on passwords, a study of file-sharing usability focused on KaZaA, and an evaluation of the encryption software PGP 5.0 aimed at studying whether traditional usability standards can be appropriately applied to security products. Since PGP was in many ways the very model of the modern, unusable yet important security software, it's a good choice if you know a little Net history.

Overall, this book straddles the line between pure academic research and business practicality, so that there can be few interested in security who won't find something of value. However, Cranor and Garfinkel themselves say they expect the book to appeal to various classes of reader in the following order: researchers in the field of security and usability; then students; finally professionals.

A decade or so ago, computer usability was a relatively new field, with researchers scrambling to try to understand how to make computer systems that worked for people instead of against them. In some ways, it's astonishing that it's taken so long to begin to develop a similar set of principles for security products. But there's only one thing to say about that: it's about time.

- Wendy M Grossman (ZDNet UK)

About the author:

Dr. Lorrie Faith Cranor is a principal technical staff member in the Secure Systems Research Department at AT&T Labs-Research Shannon Laboratory in Florham Park, New Jersey. She is chair of the Platform for Privacy Preferences Project (P3P) Specification Working Group at the World Wide Web Consortium. Her research has focused on a variety of areas where technology and policy issues interact, including online privacy, electronic voting, and spam.
Dr. Cranor plays the tenor saxophone in the Chatham Community Band. She spends most of her free time with her husband, Chuck, and her son, Shane, but sometimes she finds time to design and create quilts.

Simson Garfinkel is a postdoctoral fellow at the Center for Research on Computers and Society at Harvard University's department of Electrical Engineering and Computer Science. He came to Harvard after completing his Ph.D. in Computer Security at MIT's Computer Science and Artificial Intelligence Laboratory, where he studied computer security, usability, and forensics. Garfinkel is also the founder of Sandstorm Enterprises, Inc., a supplier of computer security auditing tools. Garfinkel writes a monthly column on computer security for CSO Magazine, for which he has received the 2004 and 2005 Neal Business Journalism award. This is Garfinkel's 14th book; he doesn't have any free time.
