biometrics and usability march 21, 2008 poor usability: the inherent insider threat information...
Biometrics and Usability
March 21, 2008
Poor Usability: The Inherent Insider Threat
Information Access Division
Visualization and Usability Group
Mary Theofanos
Is it because the User is:
Careless and Ignorant
OR
Frustrated and Overwhelmed
ISO 9241-11 defines usability as:
“the extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use”
Policy Makers
Security Organization
End-Users
End-User
  Task oriented – production tasks vs supporting tasks
  Performance metric: efficiency, effectiveness of production tasks
  The organization’s mission relies on the production tasks
Security Organization
  Security is the production task
  Performance metric: how secure
  Mission is Security but how does it relate to overall mission of the larger organization
Impossible demands
Need --Value
Complexity
Awkward Behavior
Differences in physical location and devices influence usage
Laptop
Desktop
Office, Home, Airport, Battlefield
In favor of the Security Organization
“Command and Control” approach
Policies constructed top-down, enforced through sanctions
Compliance monitored by checklists
One size fits all
Integrate Security and Usability
Include usability in software development cycle
Apply user-centered design to security design
Establish a partnership with users
Easier to implement security policies, processes and procedures
Encourages users to follow good security practices
Reduces users inadvertently undermining security
The goal is to build systems that are actually secure not theoretically secure:
Security Mechanisms have to be usable in order to be effective