5/28/2023

Overarching notion definition

Although this immediate feedback was useful to the workshop participants, it also suggests there may be a significant lack of knowledge about usability-related work among security researchers and

Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently.

“I did not know that that research existed” was a common lament heard at the workshop. Throughout the workshop, there were frequent instances in which either a computer security or a usability expert would identify a research question outside his or her area of expertise, only to receive immediate feedback from relevant experts that this particular question had already been addressed.

One consequence is unfamiliarity with each other’s work. These were, at least until recently, considered distinct disciplines: most security researchers have traditionally ignored usability issues, and vice versa (and likewise for usability and privacy). Many of the workshop participants commented that working in the area of usability, security, and privacy is especially challenging because of the need for researchers who are familiar with both computer security and human-computer interaction.

SCARCENESS OF EXPERTISE AND UNFAMILIARITY WITH EACH OTHER’S WORK AT THE INTERSECTION OF USABILITY, SECURITY, AND PRIVACY

If researchers do gain the ability to work with corporate data, an additional challenge is that of conducting research in a way that enables repeatability. Even when researchers are able to obtain data, nondisclosure agreements may restrict their ability to publish their results. Participants noted, for example, the difficulty in obtaining data on the productivity impacts of security measures. Even data on matters less touchy than security breaches cannot be readily obtained.
For example, data on industry or government computer system security breaches are generally unavailable: corporations are hesitant to disclose this information owing to the potential threat to reputation, stock price, and ongoing business, and information about breaches to government computer systems is frequently treated as sensitive or classified. Several workshop participants cited the need for more and better empirical data and commented on the difficulties that they faced in gaining access to such data.

Moreover, some workshop participants noted that although some activities, such as the annual Symposium on Usable Privacy and Security mentioned above, explicitly call out both terms, neither “usable security” nor “HCI-SEC” explicitly invokes issues

Interestingly, usability practitioners tended to stress security issues, and security practitioners tended to stress usability issues.

Adding “privacy” to the mix complicated matters still further, as definitions of privacy were frequently based on personal philosophies and experience, perhaps reflecting the deeply personal way in which many individuals approach privacy issues. Whatever the specific term used to describe the intersection of usability, security, and privacy, each participant tended to define the area in relation to his or her own background.

Another commonly used term was “HCI-SEC” (human-computer interaction–security). “Usable security” was the term frequently used to capture the notion of security measures developed with attention to usability considerations. Participants in the breakout sessions devoted considerable time and attention to terminology and definitions.