Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to use, configure, or operate systems in ways that are inadvertently insecure. Moreover, security and privacy technologies originally were developed in a context in which system administrators had primary responsibility for security and privacy protections and in which the users tended to be sophisticated. Today, the user base is much wider--including the vast majority of employees in many organizations and a large fraction of households--but the basic models for security and privacy are essentially unchanged.
Security features can be clumsy and awkward to use and can present significant obstacles to getting work done. As a result, cybersecurity measures are all too often disabled or bypassed by the users they are intended to protect. Similarly, when security gets in the way of functionality, designers and administrators deemphasize it.
The result is that end users often engage in actions, knowingly or unknowingly, that compromise the security of computer systems or contribute to the unwanted release of personal or other confidential information. Toward Better Usability, Security, and Privacy of Information Technology discusses computer system security and privacy, their relationship to usability, and research at their intersection.
Table of Contents
1 Overview of Security, Privacy, and Usability
2 Framing the Security and Usability Challenges
3 Current Research at the Intersection of Usability, Security, and Privacy
4 Some Potential Research Directions for Furthering the Usability, Security, and Privacy of Computer Systems
5 Overarching Challenges to Advancing Research in Usability, Security, and Privacy
Appendix A: Workshop Agenda
Appendix B: Workshop Participants
Appendix C: Biosketches of Steering Committee Members and Staff