REVIEW: "Security and Usability", Lorrie Faith Cranor/Simson Garfinkel

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Nov 17, 2009.

    BKSECUSA.RVW 20090727

    "Security and Usability", Lorrie Faith Cranor/Simson Garfinkel, 2005,
    0-596-00827-9, U$44.95/C$62.95
    %E Lorrie Faith Cranor
    %E Simson Garfinkel
    %C 103 Morris Street, Suite A, Sebastopol, CA 95472
    %D 2005
    %G 0-596-00827-9
    %I O'Reilly & Associates, Inc.
    %O U$44.95/C$62.95 800-998-9938 fax: 707-829-0104
    %O http://www.amazon.com/exec/obidos/ASIN/0596008279/robsladesinterne
    http://www.amazon.co.uk/exec/obidos/ASIN/0596008279/robsladesinte-21
    %O http://www.amazon.ca/exec/obidos/ASIN/0596008279/robsladesin03-20
    %O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
    %P 714 p.
    %T "Security and Usability"

    The editors state that they intended this collection of essays more to
    address the academic, than the practical, side of the security field.
    Thus, the papers are chosen to reflect theory and principle, rather
    than specific practice. A prudent choice, since theory dates less
    quickly than specific procedure.

    The thirty-four compositions in this work are divided into six
    sections. Part one states that security and usability are not
    antithetical, part two addresses authentication mechanisms and
    techniques, part three examines how system software can contribute to
    security, part four deals with privacy controls, part five examines
    the vendor perspective of provision of security, while part six
    finishes off the book with a few papers considered to be of lasting
    value.

    The papers contain interesting points, but sometimes both theoretical
    and practical utility are lacking. For example, the first paper,
    entitled "Psychological Acceptability Revisited," challenges the idea
    that security mechanisms must be complex and difficult to use in order
    to be effective. Unfortunately, while the author clearly demonstrates
    that a system can be both insecure and useless, he does not prove the
    opposite, which is the condition we want. A good many papers simply
    state that human factors should be considered, and that security
    provisions should be usable: these points are true, but not helpful.
    With one exception (a good paper on password choice), all the pieces on
    authentication present research having nothing to do with usability.
    Most of the papers in the book describe security research that is
    interesting, and which frequently has relations with human factors,
    but the relevance to the provision of systems that are both usable and
    secure is not often clear.

    Even as a compilation of security bedtime reading, the essays
    collected in this volume are somewhat lacking. In terms of both
    principles and practice, any volume of the "Information Security
    Management Handbook" (cf. BKINSCMH.RVW) has superior selection, and
    better structure, as well.

    copyright Robert M. Slade, 2009 BKSECUSA.RVW 20090727

    --
    ======================

    "Dictionary of Information Security," Syngress 1597491152
    http://blogs.securiteam.com/index.php/archives/author/p1/
    http://blog.isc2.org/isc2_blog/slade/index.html
    http://twitter.com/rslade http://twitter.com/NoticeBored
    ============= for back issues:
    [Base URL] site http://victoria.tc.ca/techrev/
    CISSP refs: [Base URL]mnbksccd.htm
    Book reviews: [Base URL]mnbk.htm
    Review mailing list: send mail to
    or
