- Paperback: 740 pages
- Publisher: O'Reilly Media; 1 edition (September 4, 2005)
- Language: English
- ISBN-10: 0596008279
- ISBN-13: 978-0596008277
- Product Dimensions: 7 x 1.3 x 9.2 inches
- Shipping Weight: 2.3 pounds
- Average Customer Review: 11 customer reviews
- Amazon Best Sellers Rank: #1,096,176 in Books
Security and Usability: Designing Secure Systems that People Can Use 1st Edition
"It's good. Buy it for your team library." - Lindsay Marshall, news@UK, June 2006
About the Author
Dr. Lorrie Faith Cranor is an Associate Research Professor in the School of Computer Science at Carnegie Mellon University. She is a faculty member in the Institute for Software Research, International and in the Engineering and Public Policy department. She is director of the CMU Usable Privacy and Security Laboratory (CUPS).
Simson Garfinkel is a journalist, entrepreneur, and international authority on computer security. Garfinkel is chief technology officer at Sandstorm Enterprises, a Boston-based firm that develops state-of-the-art computer security tools.
Top customer reviews
The book is broken down into six sections. In the first, "Realigning Usability and Security", the reader is presented with five essays which hammer home the point that if security of applications and systems is not made user friendly, the users can and will find ways to bypass them. This may range from doing whatever they can to bypass the controls put in place to not using the systems at all. The next section, "Authentication Mechanisms", covers topics that include the evaluation of authentication mechanisms, the problems of passwords, challenge questions, biometrics and more.
The third section, "Secure Systems", covers specific issues associated with the use of PKI, the sanitizing of equipment being disposed, desktop security, and security administration tools/practices. From here, the fourth section, "Privacy and Anonymity Systems", deals with the challenging topic of privacy. The essays in this section focus on human-computer interaction, policies, analysis and more.
The fifth section, "Commercializing Usability: The Vendor Perspective", sealed the deal for me. Why? Because it allowed the book to grow beyond a purely academic discussion to a discussion of real world challenges faced and addressed by vendors. The vendors selected - ZoneAlarm, Firefox, Microsoft, IBM/Lotus, and the now 'defunct' Groove Networks - are important because each vendor addresses important issues in strong security and IT governance as collaboration becomes more important.
The final section, "The Classics", provides 3 essays focusing on users not being the enemy, a study of KaZaA, and why people cannot encrypt.
Who Should Read This Book
The discussions presented in this book need to be discussed, even debated, if advances in the field are going to occur. And this debate should not be limited to the IT security community. This is because security is everyone's responsibility. As I said at the beginning of this review, I consider this book to be a "must read" for the information security, application development, system administration, and IT audit communities.
Eagle on a 600 yard Par 5 playing into a stiff wind
In the exciting new book 'Security and Usability' by O'Reilly, 34 papers are published all in one text that examine this issue in a thorough and interesting manner.
The topics are broken up into the following parts:
Realigning Usability and Security
Privacy and Anonymity Systems
Commercializing Usability: The Vendor Perspective
With so many different papers it's nearly impossible to discuss the book as a whole, better leaving each paper/analysis to speak for itself. If for nothing else, the "Classics" section featuring the following 3 papers is probably the highlight of this book:
Users Are Not the Enemy by Anne Adams and M. Angela Sasse
Usability and Privacy: A Study of KaZaA P2P File Sharing by Nathaniel S. Good and Aaron Krekelberg
Why Johnny Can't Encrypt by Alma Whitten and J.D. Tygar
For any engineer or user that finds the topic of how to make a system/application that is very secure and very usable (a need for nearly anything used on the computer in this day and age), this is an important text that brings the topic together in one place. This is a book that will probably be required reading for any college course in security concerns, and it's well worth the read.
***** HIGHLY RECOMMENDED