程序代写代做代考 algorithm ProductsMonday2

ProductsMonday2

?
Security Products

HUMAN-CENTRED SECURITY

Bottom Line

Security software is usable if the people
who are expected to use it:

1.Are reliably made aware of the security
tasks they need to perform

2.Are able to figure out how to
successfully perform those tasks

3.Don�t make dangerous errors
4.Are sufficiently comfortable with the

interface to continue using it

A. Virus Protection Software
B. Spyware Protection
C. Securing Home Network
D. Sharing legal, but indecent images.
E. Configure social networking account
F. Authenticating themselves on systems
G. Encrypting their data
H. Sharing information with physical strangers
I. Backing up data/data on the cloud
J. Adding PINs to things like phones & voicemail
K. Spotting phishing Messages
L. Software updates

What do End-Users need to use?

• Teams consider an area.
– Produce an overview of the area
– Answer the four points
– Produce presentation
– Upload to Moodle
– Break
– Present
– Consider common themes

Activity

A. Virus Protection Software
B. Spyware Protection
C. Securing Home Network
D. Sharing legal, but indecent images.
E. Configure social networking account
F. Authenticating themselves on systems
G. Encrypting their data
H. Sharing information with physical strangers
I. Backing up data/data on the cloud
J. Adding PINs to things like phones & voicemail
K. Spotting phishing Messages
L. Software updates

What do End-Users need to use?

1. Auburn
2. Avocado
3. Azure
4. Burgundy
5. Denim
6. Lime
7. Mint
8. Periwinkle
9. Pistachio
10.Raspberry
11.Ruby
12.Sapphire

Bottom Line

Security software is usable if the people
who are expected to use it:

1.Are reliably made aware of the security
tasks they need to perform

2.Are able to figure out how to
successfully perform those tasks

3.Don�t make dangerous errors
4.Are sufficiently comfortable with the

interface to continue using it

Virus Protection
Software

• 25 percent of the users admitted to turning
off their anti-virus protection because they
thought those programs were slowing down
their computers

Virus Protection Software

Spyware
Protection
Software

Spyware Protection

Home Network
Configuration

WiFi Configuration

Sharing legal, but
indecent images.

http://www.telegraph.co.uk/women/womens-health/10985660/Sexting-scare-6-
sexting-myths-busted.html

• “The law doesn’t distinguish between an indecent image
of you and an indecent image of someone else.”

• “It’s an offence to send grossly offensive communications
to someone else. It’s conceivable that [a naked sext]
could offend. If you send someone a picture of a penis,
that might be taken offensively.”

• “When you create a photo, as the creator you
automatically become the owner of the copyright.
Anyone who’s taking a risqué picture and sending it to
their partner, they’ll own the copyright.”

Sharing indecent images

Configuring Social
Networking
Service

https://www.theguardian.com/technology/2016/jun/29/facebook-privacy-secret-profile-
exposed

Authentication

Authenticating

• People are poor at
password
management

• One time
passwords can be
easy to use (if you
can see properly)

Password Management

Encrypting

Encrypting Hard Drives

It�s smart to encrypt USB memory devices,
but it�s stupid to attach the encryption key
to the device. Health bosses today admitted
the memory stick was encrypted, but the
password had been attached to the device
when it went missing. I�m sure they were so
proud that they chose a secure encryption
algorithm.

Stupid Security Tricks: Key
Management

Sharing
information with
physical strangers

https://www.theguardian.com/uk/2011/apr/08/cyberstalking-study-victims-men

Backups

Backing Up

http://www.pcadvisor.co.uk/news/laptop/3286081/46-of-
brits-dont-back-up-their-mobile-or-laptop/

Using the Cloud

Mobile Devices

http://www.bitdefender.com/security/users-
confused-about-smartphone-security.html

Protecting Smart Phones

Voicemail Pins

Protecting Voicemail

Falling for Phishing

http://www.zdnet.com/blog/security/survey-
millions-of-users-open-spam-emails-click-
on-links/5889

SPAM

Software Updates

https://www.computerworld.com/article/2504261/enterprise-applications/quarter-of-
users-see-no-benefit-in-updating-software.html

Encrypting Email

• I don’t ever send email that is digitally-signed
because I don’t know how (44.8%)

• I’m sorry, but I don’t understand what you
mean by “digitally-signed. (24.1%)

• I would like to manually control how each
email message is saved (sealed, unsealed, or
unsealed and re-encrypted.) – 50%

Encrypting Email Survey
http://simson.net/ref/2004/smim
e-survey.html

Encrypting Email

Understanding Security

• 12255 laptops lost per week at US airports
• 19% whole disk encryption
• 19% file encryption
• 45% password login
• People don�t use encryption because it is
hard to use

Insecure Behaviour

Behving Securely

Common Wisdom

Security software is usable if the people
who are expected to use it:

1.Are reliably made aware of the security
tasks they need to perform

2.Are able to figure out how to
successfully perform those tasks

3.Don�t make dangerous errors
4.Are sufficiently comfortable with the

interface to continue using it

Common Wisdom

Security software needs to be usable if
the people who are expected to use it

People also need to see the need to use it
They need the time and wherewithal

(support) to use it
Just making it usable won’t work!

UNSEEN EXAMPLE

Example

Bottom Line

Security software is usable if the people
who are expected to use it:

1.Are reliably made aware of the security
tasks they need to perform

2.Are able to figure out how to
successfully perform those tasks

3.Don�t make dangerous errors
4.Are sufficiently comfortable with the

interface to continue using it

COMMON THEMES AND
CHALLENGES

Challenges

Challenges
• people are often perceived as the weakest link in the security

process.
• often think of users are lazy, stupid or that they do not care.
• assumption simply because someone is able to perform a task, they

are motivated to do so.
• many users will weigh up the costs and benefits of the security task.
• users looks for benefits in their everyday lives – authentication is

always a secondary task
• in larger groups / organisations / circles – trust is an important

component – but in many organisations we may perceive individuals
are untrustworthy components

• research indicates that good people, sometimes do not comply with
the rules of policies.