Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop

Questions? Call 800-624-6242

About | Ordering | New

LoginRegister

| Items in cart [0]

PAPERBACK
price:$21.00
add to cart

Rights & Permissions

Free PDF Access

Free Resources

Related Titles

Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop (2010)
Computer Science and Telecommunications Board (CSTB)

Citation Manager Export the bibliographic data for this book in your chosen format
Web Search Builder Use this book's key terms to search within this book, across our collection, or across the Web.
Skim This Chapter Skim this chapter and use this chapter's key terms to search within this book.
Reference Finder Paste in your own text to find books that relate to your topic.

Citation Manager

. "5 Overarching Challenges to Advancing Research in Usability, Security, and Privacy." Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop. Washington, DC: The National Academies Press, 2010.

Please select a format:

Page
38


E-mail Share on facebook Facebook Share on delicious Delicious Share on stumbleupon Stumble Share on twitter Twitter More Sharing ServicesMore

The following HTML text is provided to enhance online readability. Many aspects of typography translate only awkwardly to HTML. Please use the page image as the authoritative form to ensure accuracy.

Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop

related to privacy, despite the technical and policy links between the two concerns. Some may immediately associate privacy issues with the term “security,” but this is not universally true. Agreeing to a common definition or term that was inclusive of the concept of privacy proved challenging throughout the workshop.

LIMITED ACCESS TO DATA

Several workshop participants cited the need for more and better empirical data and commented on the difficulties that they faced in gaining access to such data. For example, data on industry or government computer system security breaches are generally unavailable—corporations are hesitant to disclose this information owing to the potential threat to reputation, stock price, and ongoing business; and information about breaches to government computer systems is frequently treated as sensitive or classified. Even data on matters less touchy than security breaches cannot be readily obtained. Participants noted, for example, the difficulty in obtaining data on the productivity impacts of security measures. Even when researchers are able to obtain data, nondisclosure agreements may restrict their ability to publish their results. If researchers do gain the ability to work with corporate data, an additional challenge is that of conducting research in a way that enables repeatability.

SCARCENESS OF EXPERTISE AND UNFAMILIARITY WITH EACH OTHER’S WORK AT THE INTERSECTION OF USABILITY, SECURITY, AND PRIVACY

Many of the workshop participants commented that working in the area of usability, security, and privacy is especially challenging because of the need for researchers who are familiar with both computer security and human-computer interaction. These were, at least until recently, considered distinct disciplines—most security researchers have traditionally ignored usability issues, and vice versa (and likewise for usability and privacy).

One consequence is unfamiliarity with each other’s work. Throughout the workshop, there were frequent instances in which either a computer security or a usability expert would identify a research question outside his or her area of expertise, only to receive immediate feedback from relevant experts that this particular question had already been addressed. “I did not know that that research existed” was a common lament heard at the workshop. Although this immediate feedback was useful to the workshop participants, it also suggests there may be a significant lack of knowledge about usability-related work among security researchers and