3 Current Research at the Intersection of Usability, Security, and Privacy
Pages 11-23

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 11...
... Lorrie Faith Cranor's presentation addressed areas in which usability research is needed in order to provide more effective privacy protection and explored areas in which some privacy goals may appear to conflict with other privacy goals, usability goals, or security goals. Cranor began her talk by observing that privacy is hard to define, and quoted from a paper by Robert C
From page 12...
... Although work in the past has often focused on information collected by Web sites, a wide array of current and emerging technologies will have significant impacts on privacy, including behavioral advertising, social networks, deep packet inspection, server log files, and location sharing. All of these technologies raise questions about how to communicate meaningfully about the effects that these technologies will have on privacy and about how to help people understand privacy risks that may seem distant or not relevant to them today.
From page 13...
... Examples of such conflicts involve not only information used to improve application functionality but also information used to automate privacy configurations. Similar tensions arise between privacy and other interests, such as the need to store access data for auditing purposes versus the need to protect employee privacy, or the needs of law enforcement versus the need to discard information to protect privacy.
From page 14...
... What economic and legal policies can be implemented to change the incentives of users, software and hardware companies, firms conducting electronic commerce, and companies providing online services such as search so that they are closer to maximizing social benefit? What are some possible economic motivators for usable security and privacy from the perspective of the end user, private companies, and society?
From page 15...
... Other firms, such as online advertisers, tend to favor more retention or disclosure of private information so that they can use this information to identify products and services that better match consumer preferences. Economides observed that, as a result, a very secure online world in which users are made fully aware of the impact of disclosures of their private information would cut into the profits of these firms.
From page 16...
... Economides closed by posing the following key questions regarding incentives for security and privacy:
• How can society best deal with the negative externality for the network and society that is created by the lack of usable security of individual network nodes?
• How can positive and negative, monetary, and nonmonetary incentives be provided to both users and private-sector firms to reduce or eliminate the negative externality?
From page 17...
... (ANGELA SASSE) Angela Sasse started with the observation that user-centered approaches to designing technology start with understanding user requirements.
From page 18...
... The impacts of security extend beyond business efficiency to employee behavior, trust, and goodwill. These costs and benefits are weighed in each decision about whether or not to comply with security measures.
From page 19...
... FEEDING PRACTICE BACK INTO RESEARCH (MARY ELLEN ZURKO) Mary Ellen Zurko discussed how to integrate lessons learned from practice into research thinking, noting that not only should research results inform practice, but practice and real-world experience with development, deployment, and use also should inform research.
From page 20...
... Zurko proposed a number of ideas that would encourage a greater emphasis on technology transfer concerns within the context of the research environment. Most obviously, funding specifically targeted at usable security research addressing uptake issues would drive progress in that area.
From page 21...
... Espionage, intellectual property theft, and sabotage involving computer networks are among the most pressing cybersecurity challenges that threaten government and the private sector. Surveys reveal that current or former employees and contractors are the second-greatest cybersecurity threat, exceeded only by hackers.
From page 22...
... Shari Lawrence Pfleeger and Joel Predd at RAND have developed a framework for understanding the insider threat and a taxonomy for describing insider actions, and they are developing a framework for response to the insider threat. Frank Greitzer at the Pacific Northwest National Laboratory is looking at behavioral data to support predictive modeling and analysis in order to improve situational awareness for the security analyst, facilitate response coordination, and help the analyst focus on the highest-risk activities.
From page 23...
... • What are the implications of pre-interventional activities such as monitoring and the collection of data and predictive modeling? How might they affect morale or violate employee trust or legal guidelines?


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.