- Paperback: 740 pages
- Publisher: O'Reilly Media; 1 edition (September 4, 2005)
- Language: English
- ISBN-10: 0596008279
- ISBN-13: 978-0596008277
- Product Dimensions: 7 x 1.3 x 9.2 inches
- Shipping Weight: 2.3 pounds
- Average Customer Review: 11 customer reviews
- Amazon Best Sellers Rank: #1,422,948 in Books
Security and Usability: Designing Secure Systems that People Can Use 1st Edition
"It's good. Buy it for your team library." - Lindsay Marshall, news@UK, June 2006
About the Author
Dr. Lorrie Faith Cranor is an Associate Research Professor in the School of Computer Science at Carnegie Mellon University. She is a faculty member in the Institute for Software Research, International and in the Engineering and Public Policy department. She is director of the CMU Usable Privacy and Security Laboratory (CUPS).
Simson Garfinkel is a journalist, entrepreneur, and international authority on computer security. Garfinkel is chief technology officer at Sandstorm Enterprises, a Boston-based firm that develops state-of-the-art computer security tools.
Top customer reviews
This text also serves as a decent introduction to software usability in general. The papers explain the theory behind computer usability and how to conduct usability tests to find unexpected problems and iteratively improve design. But more importantly, it highlights the consequences of making trade-offs between usability, security, privacy, and even budget and performance.
The editors say this is more than just a collection of academic papers, that they have made substantial changes to the originals for the purpose of having everything come together in a single volume. Yet without having read the original papers, my impression is that the only changes made were to alter the introductions of each article and to add the chapter number when one paper cites another paper included in the book.
My only real complaints are with the inclusion of now outdated topics and academic articles that focused more on defining terms and guidelines than showing anything concrete. There are only so many papers about failed and abandoned privacy management and awareness programs that I can bear to read.
The book is broken down into six sections. In the first, "Realigning Usability and Security", the reader is presented with five essays which hammer home the point that if the security of applications and systems is not made user-friendly, the users can and will find ways to bypass it. This may range from doing whatever they can to bypass the controls put in place to not using the systems at all. The next section, "Authentication Mechanisms", covers topics that include the evaluation of authentication mechanisms, the problems of passwords, challenge questions, biometrics and more.
The third section, "Secure Systems", covers specific issues associated with the use of PKI, the sanitizing of equipment being disposed of, desktop security, and security administration tools/practices. From here, the fourth section, "Privacy and Anonymity Systems", deals with the challenging topic of privacy. The essays in this section focus on human-computer interaction, policies, analysis and more.
The fifth section, "Commercializing Usability: The Vendor Perspective", sealed the deal for me. Why? Because it allowed the book to grow beyond a purely academic discussion to a discussion of real-world challenges faced and addressed by vendors. The vendors selected - ZoneAlarm, Firefox, Microsoft, IBM/Lotus, and the now 'defunct' Groove Networks - are important because each vendor addresses important issues in strong security and IT governance as collaboration becomes more important.
The final section, "The Classics", provides 3 essays focusing on users not being the enemy, a study of KaZaA, and why people cannot encrypt.
Who Should Read This Book
The discussions presented in this book need to be discussed, even debated, if advances in the field are going to occur. And this debate should not be limited to the IT security community. This is because security is everyone's responsibility. As I said at the beginning of this review, I consider this book to be a "must read" for the information security, application development, system administration, and IT audit communities.