Human-computer interaction (security)
Encyclopedia
HCISec is the study of interaction between humans and computers, or HCI
, specifically as it pertains to information security
. Its aim, in plain terms, is to improve the usability
of security features in end user applications.
Unlike HCI, which has roots in the early days of Xerox PARC
during the 1970s, HCISec is a nascent field of study by comparison. Not surprisingly, interest in this topic tracks with that of Internet security
, which has become an area of broad public concern only in very recent years.
Historically, security features exhibit poor usability for reasons that include:
HCI
HCI may refer to:- Computing :* Home Computer Initiative, a United Kingdom government programme designed to increase the use of computers in the home...
, specifically as it pertains to information security
Information security
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction....
. Its aim, in plain terms, is to improve the usability
Usability
Usability is the ease of use and learnability of a human-made object. The object of use can be a software application, website, book, tool, machine, process, or anything a human interacts with. A usability study may be conducted as a primary job function by a usability analyst or as a secondary job...
of security features in end user applications.
Unlike HCI, which has roots in the early days of Xerox PARC
Xerox PARC
PARC , formerly Xerox PARC, is a research and co-development company in Palo Alto, California, with a distinguished reputation for its contributions to information technology and hardware systems....
during the 1970s, HCISec is a nascent field of study by comparison. Not surprisingly, interest in this topic tracks with that of Internet security
Internet security
Internet security is a branch of computer security specifically related to the Internet. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet represents an insecure channel for exchanging information leading to a high risk of intrusion or fraud,...
, which has become an area of broad public concern only in very recent years.
Historically, security features exhibit poor usability for reasons that include:
- they were added in casual afterthought
- they were hastily patched in to address newly discovered security bugSecurity bugA security bug is a software bug that benefits someone other than intended beneficiaries in the intended ways.Security bugs introduce security vulnerabilities by compromising one or more of:* Authentication of users and other entities...
s - they address very complex use caseUse caseIn software engineering and systems engineering, a use case is a description of steps or actions between a user and a software system which leads the user towards something useful...
s without the benefit of a software wizardWizard (software)A software wizard or setup assistant is a user interface type that presents a user with a sequence of dialog boxes that lead the user through a series of well-defined steps. Tasks that are complex, infrequently performed, or unfamiliar may be easier to perform using a wizard... - their interface designers lacked understanding of related security concepts
- their interface designers were not usability experts (often meaning they were the application developers themselves)
Further reading
- "Design Principles and Patterns for Computer Systems That Are Simultaneously Secure and Usable", by Simson GarfinkelSimson GarfinkelSimson L. Garfinkel is an Associate Professor at the Naval Postgraduate School in Monterey, California. Garfinkel is regarded as a leader in the fields of Digital forensics and Usable Security...
External links
- HCISec Bibliography
- HCISec Yahoo! Group
- Usable Security Blog