REVIEW: "Security and Usability", Lorrie Faith Cranor/Simson Garfinkel

  • Rob, grandpa of Ryan, Trevor, Devon & Han
    Nov 17, 2009
      BKSECUSA.RVW 20090727

      "Security and Usability", Lorrie Faith Cranor/Simson Garfinkel, 2005,
      0-596-00827-9, U$44.95/C$62.95
      %E Lorrie Faith Cranor
      %E Simson Garfinkel
      %C 103 Morris Street, Suite A, Sebastopol, CA 95472
      %D 2005
      %G 0-596-00827-9
      %I O'Reilly & Associates, Inc.
      %O U$44.95/C$62.95 800-998-9938 fax: 707-829-0104 nuts@...
      %O http://www.amazon.com/exec/obidos/ASIN/0596008279/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0596008279/robsladesinte-21
      %O http://www.amazon.ca/exec/obidos/ASIN/0596008279/robsladesin03-20
      %O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
      %P 714 p.
      %T "Security and Usability"

      The editors state that they intended this collection of essays more to
      address the academic, than the practical, side of the security field.
      Thus, the papers are chosen to reflect theory and principle, rather
      than specific practice. A prudent choice, since theory dates less
      quickly than specific procedure.

      The thirty-four compositions in this work are divided into six
      sections. Part one states that security and usability are not
      antithetical, part two addresses authentication mechanisms and
      techniques, part three examines how system software can contribute to
      security, part four deals with privacy controls, part five examines
      the vendor perspective of provision of security, while part six
      finishes off the book with a few papers considered to be of lasting
      value.

      The papers contain interesting points, but sometimes both theoretical
      and practical utility are lacking. For example, the first paper,
      entitled "Psychological Acceptability Revisited," challenges the idea
      that security mechanisms must be complex and difficult to use in order
      to be effective. Unfortunately, while the author clearly demonstrates
      that a system can be both insecure and useless, he does not prove the
      opposite, which is the condition we want. A good many papers simply
      state that human factors should be considered, and that security
      provisions should be usable: these points are true, but not helpful.
      With one exception (a good paper on password choice) all the pieces on
      authentication present research having nothing to do with usability.
      Most of the papers in the book describe security research that is
      interesting, and which frequently has relations with human factors,
      but the relevance to the provision of systems that are both usable and
      secure is not often clear.

      Even as a compilation of security bedtime reading, the essays
      collected in this volume are somewhat lacking. In terms of both
      principles and practice, any volume of the "Information Security
      Management Handbook" (cf. BKINSCMH.RVW) has superior selection, and
      better structure, as well.

      copyright Robert M. Slade, 2009 BKSECUSA.RVW 20090727


      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      My idea would be to hang a few of the offenders. This would not
      only get rid of some but would discourage the development of
      others. It would be a saving of lives to do it.
      - Major Frank Moorman on WWI soldiers developing crypto `shortcuts'
      victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
      http://blogs.securiteam.com/index.php/archives/author/p1/
      http://twitter.com/NoticeBored http://twitter.com/rslade