Toward Better Usability, Security, and Privacy of Information Technology

Author: Steering Committee on the Usability Security and Privacy of Computer Systems
Publisher:
ISBN: 9780309383448
Category :
Languages : en
Pages : 70

Book Description
Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to use, configure, or operate systems in ways that are inadvertently insecure. Moreover, security and privacy technologies originally were developed in a context in which system administrators had primary responsibility for security and privacy protections and in which the users tended to be sophisticated. Today, the user base is much wider--including the vast majority of employees in many organizations and a large fraction of households--but the basic models for security and privacy are essentially unchanged. Security features can be clumsy and awkward to use and can present significant obstacles to getting work done. As a result, cybersecurity measures are all too often disabled or bypassed by the users they are intended to protect. Similarly, when security gets in the way of functionality, designers and administrators deemphasize it. The result is that end users often engage in actions, knowingly or unknowingly, that compromise the security of computer systems or contribute to the unwanted release of personal or other confidential information. "Toward Better Usability, Security, and Privacy of Information Technology" discusses computer system security and privacy, their relationship to usability, and research at their intersection.

Toward Better Usability, Security, and Privacy of Information Technology

Author: National Research Council
Publisher: National Academies Press
ISBN: 0309160901
Category : Computers
Languages : en
Pages : 70

Book Description
Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to use, configure, or operate systems in ways that are inadvertently insecure. Moreover, security and privacy technologies originally were developed in a context in which system administrators had primary responsibility for security and privacy protections and in which the users tended to be sophisticated. Today, the user base is much wider--including the vast majority of employees in many organizations and a large fraction of households--but the basic models for security and privacy are essentially unchanged. Security features can be clumsy and awkward to use and can present significant obstacles to getting work done. As a result, cybersecurity measures are all too often disabled or bypassed by the users they are intended to protect. Similarly, when security gets in the way of functionality, designers and administrators deemphasize it. The result is that end users often engage in actions, knowingly or unknowingly, that compromise the security of computer systems or contribute to the unwanted release of personal or other confidential information. Toward Better Usability, Security, and Privacy of Information Technology discusses computer system security and privacy, their relationship to usability, and research at their intersection.

Human Aspects of Information Security, Privacy, and Trust

Author: Theo Tryfonas
Publisher: Springer
ISBN: 3319203762
Category : Computers
Languages : en
Pages : 730

Book Description
This book constitutes the proceedings of the Third International Conference on Human Aspects of Information Security, Privacy, and Trust, HAS 2015, held as part of the 17th International Conference on Human-Computer Interaction, HCII 2015, held in Los Angeles, CA, USA, in August 2015 and received a total of 4843 submissions, of which 1462 papers and 246 posters were accepted for publication after a careful reviewing process. These papers address the latest research and development efforts and highlight the human aspects of design and use of computing systems. The papers thoroughly cover the entire field of Human-Computer Interaction, addressing major advances in knowledge and effective use of computers in a variety of application areas. The 62 papers presented in the HAS 2015 proceedings are organized in topical sections as follows: authentication, cybersecurity, privacy, security, and user behavior, security in social media and smart technologies, and security technologies.

At the Nexus of Cybersecurity and Public Policy

Author: National Research Council
Publisher: National Academies Press
ISBN: 0309303214
Category : Computers
Languages : en
Pages : 170

Book Description
We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. Modern military forces use weapons that are increasingly coordinated through computer-based networks. Cybersecurity is vital to protecting all of these functions. Cyberspace is vulnerable to a broad spectrum of hackers, criminals, terrorists, and state actors. Working in cyberspace, these malevolent actors can steal money, intellectual property, or classified information; impersonate law-abiding parties for their own purposes; damage important data; or deny the availability of normally accessible services. Cybersecurity issues arise because of three factors taken together - the presence of malevolent actors in cyberspace, societal reliance on IT for many important functions, and the presence of vulnerabilities in IT systems. What steps can policy makers take to protect our government, businesses, and the public from those who would take advantage of system vulnerabilities? At the Nexus of Cybersecurity and Public Policy offers a wealth of information on practical measures, technical and nontechnical challenges, and potential policy responses. According to this report, cybersecurity is a never-ending battle; threats will evolve as adversaries adopt new tools and techniques to compromise security. Cybersecurity is therefore an ongoing process that needs to evolve as new threats are identified. At the Nexus of Cybersecurity and Public Policy is a call for action to make cybersecurity a public safety priority. For a number of years, the cybersecurity issue has received increasing public attention; however, most policy focus has been on the short-term costs of improving systems.
In its explanation of the fundamentals of cybersecurity and the discussion of potential policy responses, this book will be a resource for policy makers, cybersecurity and IT professionals, and anyone who wants to understand threats to cyberspace.

Usable Security

Author: Simson Garfinkel
Publisher: Springer Nature
ISBN: 3031023439
Category : Computers
Languages : en
Pages : 150

Book Description
There has been roughly 15 years of research into approaches for aligning research in Human Computer Interaction with computer Security, more colloquially known as "usable security." Although usability and security were once thought to be inherently antagonistic, today there is wide consensus that systems that are not usable will inevitably suffer security failures when they are deployed into the real world. Only by simultaneously addressing both usability and security concerns will we be able to build systems that are truly secure. This book presents the historical context of the work to date on usable security and privacy, creates a taxonomy for organizing that work, outlines current research objectives, presents lessons learned, and makes suggestions for future research.

Privacy Research and Best Practices

Author: National Academies of Sciences, Engineering, and Medicine
Publisher: National Academies Press
ISBN: 0309389224
Category : Computers
Languages : en
Pages : 67

Book Description
Recent disclosures about the bulk collection of domestic phone call records and other signals intelligence programs have stimulated widespread debate about the implications of such practices for the civil liberties and privacy of Americans. In the wake of these disclosures, many have identified a need for the intelligence community to engage more deeply with outside privacy experts and stakeholders. At the request of the Office of the Director of National Intelligence, the National Academies of Sciences, Engineering, and Medicine convened a workshop to address the privacy implications of emerging technologies, public and individual preferences and attitudes toward privacy, and ethical approaches to data collection and use. This report summarizes discussions between experts from academia and the private sector and from the intelligence community on private sector best practices and privacy research results.

Terrorism: Commentary on Security Documents Volume 140

Author: Douglas Lovelace
Publisher: Oxford University Press, USA
ISBN: 0199351112
Category : Law
Languages : en
Pages : 374

Book Description
Terrorism: Commentary on Security Documents is a series that provides primary source documents and expert commentary on various topics relating to the worldwide effort to combat terrorism, as well as efforts by the United States and other nations to protect their national security interests. Volume 140, The Cyber Threat considers U.S. policy in relation to cybersecurity and cyberterrorism, and examines opposing views on cybersecurity and international law by nations such as Russia and China. The documents in this volume include testimony of FBI officials before Congressional committees, as well as detailed reports from the Strategic Studies Institute/U.S. Army War College Press and from the Congressional Research Service. The detailed studies in this volume tackling the core issues of cybersecurity and cyberterrorism include: Legality in Cyberspace; An Adversary View and Distinguishing Acts of War in Cyberspace; and Assessment Criteria, Policy Considerations, and Response Implications.

Telecommunications Research and Engineering at the Communications Technology Laboratory of the Department of Commerce

Author: National Academies of Sciences, Engineering, and Medicine
Publisher: National Academies Press
ISBN: 0309379830
Category : Technology & Engineering
Languages : en
Pages : 138

Book Description
The Department of Commerce operates two telecommunications research laboratories located at the Department of Commerce's Boulder, Colorado, campus: the National Telecommunications and Information Administration's (NTIA's) Institute for Telecommunications Sciences (ITS) and the National Institute of Standards and Technology's (NIST's) Communications Technology Laboratory (CTL). CTL develops appropriate measurements and standards to enable interoperable public safety communications, effective and efficient spectrum use and sharing, and advanced communication technologies. CTL is a newly organized laboratory within NIST, formed mid-2014. As it is new and its planned work represents a departure from that carried out by the elements of which it was composed, this study focuses on its available resources and future plans rather than past work. The Boulder telecommunications laboratories currently play an important role in the economic vitality of the country and can play an even greater role given the importance of access to spectrum and spectrum sharing to the wireless networking and mobile cellular industries. Research advances are needed to ensure the continued evolution and enhancement of the connected world the public has come to expect.

Information Privacy Engineering and Privacy by Design

Author: William Stallings
Publisher: Addison-Wesley Professional
ISBN: 0135278376
Category : Computers
Languages : en
Pages : 666

Book Description
The Comprehensive Guide to Engineering and Implementing Privacy Best Practices

As systems grow more complex and cybersecurity attacks more relentless, safeguarding privacy is ever more challenging. Organizations are increasingly responding in two ways, and both are mandated by key standards such as GDPR and ISO/IEC 27701:2019. The first approach, privacy by design, aims to embed privacy throughout the design and architecture of IT systems and business practices. The second, privacy engineering, encompasses the technical capabilities and management processes needed to implement, deploy, and operate privacy features and controls in working systems. In Information Privacy Engineering and Privacy by Design, internationally renowned IT consultant and author William Stallings brings together the comprehensive knowledge privacy executives and engineers need to apply both approaches. Using the techniques he presents, IT leaders and technical professionals can systematically anticipate and respond to a wide spectrum of privacy requirements, threats, and vulnerabilities—addressing regulations, contractual commitments, organizational policies, and the expectations of their key stakeholders.

• Review privacy-related essentials of information security and cryptography
• Understand the concepts of privacy by design and privacy engineering
• Use modern system access controls and security countermeasures to partially satisfy privacy requirements
• Enforce database privacy via anonymization and de-identification
• Prevent data losses and breaches
• Address privacy issues related to cloud computing and IoT
• Establish effective information privacy management, from governance and culture to audits and impact assessment
• Respond to key privacy rules including GDPR, U.S. federal law, and the California Consumer Privacy Act

This guide will be an indispensable resource for anyone with privacy responsibilities in any organization, and for all students studying the privacy aspects of cybersecurity.

Telecommunications Research and Engineering at the Institute for Telecommunication Sciences of the Department of Commerce

Author: National Academies of Sciences, Engineering, and Medicine
Publisher: National Academies Press
ISBN: 0309388465
Category : Technology & Engineering
Languages : en
Pages : 157

Book Description
The Department of Commerce operates two telecommunications research laboratories located at the Department of Commerce's Boulder, Colorado, campus: the National Telecommunications and Information Administration's (NTIA's) Institute for Telecommunications Sciences (ITS) and the National Institute of Standards and Technology's (NIST's) Communications Technology Laboratory (CTL). ITS serves as a principal federal resource for solving the telecommunications concerns of federal agencies, state and local governments, private corporations and associations, standards bodies, and international organizations. ITS could provide an essential service to the nation by being a principal provider of instrumentation and spectrum measurement services; however, the inter-related shortages of funding, staff, and a coherent strategy limit its ability to fully function as a research laboratory. This report examines the institute's performance, resources, and capabilities and the extent to which these meet customer needs. The Boulder telecommunications laboratories currently play an important role in the economic vitality of the country and can play an even greater role given the importance of access to spectrum and spectrum sharing to the wireless networking and mobile cellular industries. Research advances are needed to ensure the continued evolution and enhancement of the connected world the public has come to expect.