Security Products
HUMAN-CENTRED SECURITY
Bottom Line
Security software is usable if the people
who are expected to use it:
1. Are reliably made aware of the security
tasks they need to perform
2. Are able to figure out how to
successfully perform those tasks
3. Don't make dangerous errors
4. Are sufficiently comfortable with the
interface to continue using it
A. Virus Protection Software
B. Spyware Protection
C. Securing Home Network
D. Sharing legal, but indecent images.
E. Configure social networking account
F. Authenticating themselves on systems
G. Encrypting their data
H. Sharing information with physical strangers
I. Backing up data/data on the cloud
J. Adding PINs to things like phones & voicemail
K. Spotting phishing Messages
L. Software updates
What do End-Users need to use?
• Teams consider an area.
– Produce an overview of the area
– Answer the four points
– Produce presentation
– Upload to Moodle
– Break
– Present
– Consider common themes
Activity
A. Virus Protection Software
B. Spyware Protection
C. Securing Home Network
D. Sharing legal, but indecent images.
E. Configure social networking account
F. Authenticating themselves on systems
G. Encrypting their data
H. Sharing information with physical strangers
I. Backing up data/data on the cloud
J. Adding PINs to things like phones & voicemail
K. Spotting phishing Messages
L. Software updates
What do End-Users need to use?
1. Auburn
2. Avocado
3. Azure
4. Burgundy
5. Denim
6. Lime
7. Mint
8. Periwinkle
9. Pistachio
10. Raspberry
11. Ruby
12. Sapphire
Virus Protection
Software
• 25 percent of the users admitted to turning
off their anti-virus protection because they
thought those programs were slowing down
their computers
Virus Protection Software
Spyware
Protection
Software
Spyware Protection
Home Network
Configuration
WiFi Configuration
Sharing legal, but
indecent images.
http://www.telegraph.co.uk/women/womens-health/10985660/Sexting-scare-6-sexting-myths-busted.html
• “The law doesn’t distinguish between an indecent image
of you and an indecent image of someone else.”
• “It’s an offence to send grossly offensive communications
to someone else. It’s conceivable that [a naked sext]
could offend. If you send someone a picture of a penis,
that might be taken offensively.”
• “When you create a photo, as the creator you
automatically become the owner of the copyright.
Anyone who’s taking a risqué picture and sending it to
their partner, they’ll own the copyright.”
Sharing indecent images
Configuring Social
Networking
Service
https://www.theguardian.com/technology/2016/jun/29/facebook-privacy-secret-profile-exposed
Authentication
Authenticating
• People are poor at
password
management
• One time
passwords can be
easy to use (if you
can see properly)
Password Management
Encrypting
Encrypting Hard Drives
It's smart to encrypt USB memory devices,
but it's stupid to attach the encryption key
to the device. Health bosses today admitted
the memory stick was encrypted, but the
password had been attached to the device
when it went missing. I'm sure they were so
proud that they chose a secure encryption
algorithm.
Stupid Security Tricks: Key
Management
Sharing
information with
physical strangers
https://www.theguardian.com/uk/2011/apr/08/cyberstalking-study-victims-men
Backups
Backing Up
http://www.pcadvisor.co.uk/news/laptop/3286081/46-of-brits-dont-back-up-their-mobile-or-laptop/
Using the Cloud
Mobile Devices
http://www.bitdefender.com/security/users-confused-about-smartphone-security.html
Protecting Smart Phones
Voicemail Pins
Protecting Voicemail
Falling for Phishing
http://www.zdnet.com/blog/security/survey-millions-of-users-open-spam-emails-click-on-links/5889
SPAM
Software Updates
https://www.computerworld.com/article/2504261/enterprise-applications/quarter-of-users-see-no-benefit-in-updating-software.html
Encrypting Email
• I don’t ever send email that is digitally-signed
because I don’t know how (44.8%)
• I’m sorry, but I don’t understand what you
mean by “digitally-signed.” (24.1%)
• I would like to manually control how each
email message is saved (sealed, unsealed, or
unsealed and re-encrypted.) – 50%
Encrypting Email Survey
http://simson.net/ref/2004/smime-survey.html
Encrypting Email
Understanding Security
• 12255 laptops lost per week at US airports
• 19% whole disk encryption
• 19% file encryption
• 45% password login
• People don't use encryption because it is
hard to use
Insecure Behaviour
Behaving Securely
Common Wisdom
Security software is usable if the people
who are expected to use it:
1. Are reliably made aware of the security
tasks they need to perform
2. Are able to figure out how to
successfully perform those tasks
3. Don't make dangerous errors
4. Are sufficiently comfortable with the
interface to continue using it
Common Wisdom
Security software needs to be usable if
the people who are expected to use it
People also need to see the need to use it
They need the time and wherewithal
(support) to use it
Just making it usable won’t work!
UNSEEN EXAMPLE
Example
COMMON THEMES AND
CHALLENGES
Challenges
• People are often perceived as the weakest link in the security
process.
• We often think of users as lazy, stupid, or that they do not care.
• It is assumed that simply because someone is able to perform a task, they
are motivated to do so.
• Many users will weigh up the costs and benefits of the security task.
• Users look for benefits in their everyday lives; authentication is
always a secondary task.
• In larger groups / organisations / circles, trust is an important
component, but in many organisations we may perceive individuals
as untrustworthy components.
• Research indicates that good people sometimes do not comply with
the rules or policies.