View Larger Image	Lorrie Cranor, Simson Garfinkel O'Reilly Media, Paperback, Published August 2005, 738 pages, ISBN 0596008279
	List Price: $44.95 Our Price: $22.25 You Save: $22.70 (51% Off)
	Availability: In-Stock

Read an Excerpt: Chapter 23: Privacy Analysis for the Casual User with Bugnosis       Excerpt provided courtesy of O'Reilly and Associates.

Write a Review and tell the world about this title!

People who purchase this book frequently purchase:

• Web Site Measurement Hacks; Eric T. Peterson, $14.95, 40% Off!
• Switching to VoIP; Theodore Wallingford, $23.95, 40% Off!
• Time Management for System Administrators; Thomas A. Limoncelli, $14.95, 40% Off!
• Perl Testing: A Developer's Notebook; Ian Langworth, et al, $17.95, 40% Off!

• Enterprise Computing : Security

• O'Reilly Media

Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues--both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them.

But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users.

Still, many people believe there is an inherent tradeoff between computer security and usability. It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't. Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless.

There is increasing agreement that we need to design secure systems that people can actually use, but less agreement about how to reach this goal. Security & Usability is the first book-length work describing the current state of the art in this emerging field. Edited by security experts Dr. Lorrie Faith Cranor and Dr. Simson Garfinkel, and authored by cutting-edge security and human-computer interaction (HCI) researchers world-wide, this volume is expected to become both a classic reference and an inspiration for future research.

Security & Usability groups 34 essays into six parts:

• Realigning Usability and Security---with careful attention to user-centered design principles, security and usability can be synergistic.
• Authentication Mechanisms-- techniques for identifying and authenticating computer users.
• Secure Systems--how system software can deliver or destroy a secure user experience.


• Privacy and Anonymity Systems--methods for allowing people to control the release of personal information.
• Commercializing Usability: The Vendor Perspective--specific experiences of security and software vendors (e.g.,
  IBM, Microsoft, Lotus, Firefox, and Zone Labs) in addressing usability.
• The Classics--groundbreaking papers that sparked the field of security and usability.

Table of Contents

1. Preface

Part. Realigning Usability and Security

1. Psychological Acceptability Revisited Matt Bishop 1

2. Usable Security M. Angela Sasse and Ivan Flechais 13

3. Design for Usability Bruce Tognazzini 29

4. Usability Design and Evaluation for Privacy and Security Solutions Clare-Marie Karat, Carolyn Brodie, and John Karat 45

5. Designing Systems That People Will Trust Andrew S. Patrick, Pamela Briggs, and Stephen Marsh 71

Part. Authentication Mechanisms

6. Evaluating Authentication Mechanisms Karen Renaud 97

7. The Memorability and Security of Passwords Jeff Yan, Alan Blackwell, Ross Anderson, and Alasdair Grant 121

8. Designing Authentication Systemswith Challenge Questions Mike Just 135

9. Graphical Passwords Fabian Monrose and Michael K. Reiter 147

10. Usable Biometrics Lynne Coventry 165

11. Identifying Users from Their Typing Patterns Alen Peacock, Xian Ke, and Matt Wilkerson 187

12. The Usability of Security Devices Ugo Piazzalunga, Paolo Salvaneschi, and Paolo Coffetti 209

Part. Secure Systems

13. Guidelines and Strategies for Secure Interaction Design Ka-Ping Yee 235

14. Fighting Phishing at the User Interface Robert C. Miller and Min Wu 263

15. Sanitization and Usability Simson Garfinkel 281

16. Making the Impossible Easy: Usable PKI Dirk Balfanz, Glenn Durfee, and D.K. Smetters 305

17. Simple Desktop Security with Chameleon A. Chris Long and Courtney Moskowitz 321

18. Security Administration Tools and Practices Eser Kandogan and Eben M. Haber 343

Part. Privacy and Anonymity Systems

19. Privacy Issues and Human-Computer Interaction Mark S. Ackerman and Scott D. Mainwaring 365

20. A User-Centric Privacy Space Framework Benjamin Brunk 383

21. Five Pitfalls in the Design for Privacy Scott Lederer, Jason I. Hong, Anind K. Dey, and James A. Landay 403

22. Privacy Policies and Privacy Preferences Lorrie Faith Cranor 429

23. Privacy Analysis for the Casual User with Bugnosis David Martin 455

24. Informed Consent by Design Batya Friedman, Peyina Lin, and Jessica K. Miller 477

25. Social Approaches to End-User Privacy Management Jeremy Goecks and Elizabeth D. Mynatt 505

26. Anonymity Loves Company: Usability and the Network Effect Roger Dingledine and Nick Mathewson 529

Part. Commercializing Usability: The Ventor Perspective

27. ZoneAlarm: Creating Usable Security Products for ConsumersJordy Berson 545

28. Firefox and the Worry-Free Web Blake Ross 559

29. Users and Trust: A Microsoft Case Study Chris Nodder 571

30. IBM Lotus Notes/Domino: Embedding Security in Collaborative Applications Mary Ellen Zurko 589

31. Achieving Usable Security in Groove Virtual Office George Moromisato, Paul Boyd, and Nimisha Asthagiri 605

Part. The Classics

32. Users Are Not the Enemy Anne Adams and M. Angela Sasse 619

33. Usability and Privacy:A Study of KaZaA P2P File Sharing Nathaniel S. Good and Aaron Krekelberg 631

34. Why Johnny Can't Encrypt Alma Whitten and J. D. Tygar 649

Index

About the Authors

Lorrie Faith Cranor is an Associate Research Professor in the School of Computer Science and in the Engineering and Public Policy Department at Carnegie Mellon University. She is director of the CMU Usable Privacy and Security Laboratory (CUPS). She came to CMU in December 2003 after seven years at AT&T Labs-Research. Cranor's research has focused on a variety of areas where technology and policy issues interact, including online privacy, electronic voting, and spam. She is chair of the Platform for Privacy Preferences Project (P3P) Specification Working Group at the World Wide Web Consortium and author of the book Web Privacy with P3P (O'Reilly, 2002). She served as general chair of the 2005 Symposium On Usable Privacy and Security (SOUPS). In 2003, she was named one of the top 100 innovators 35 or younger by Technology Review magazine. Cranor spends most of her free time with her husband, Chuck, and her children, Shane and Maya, but sometimes she finds time to play the tenor saxophone or design and create award-winning quilts.

Simson Garfinkel is a postdoctoral fellow at the Center for Research on Computers and Society at Harvard University's department of Electrical Engineering and Computer Science. He came to Harvard after completing his Ph.D. in Computer Security at MIT's Computer Science and Artificial Intelligence Laboratory, where he studied computer security, usability, and forensics. Garfinkel is also the founder of Sandstorm Enterprises, Inc., a supplier of computer security auditing tools. Garfinkel writes a monthly column on computer security for CSO Magazine, for which he has received the 2004 and 2005 Neal Business Journalism award. This is Garfinkel's 14th book; he doesn't have any free time.

Jan 19, 2006     Brendon from Minneapolis, MN
Great book!!
Security and Usability is a great book divided into six parts and 34 essays, each by different authors with different viewpoints. The book identifies many ways to make your applications secure AND usable; two things that dont typically go together. Security and Usability does a great job explaining the difficulties users have with using things like encryption software and biometric devices. The group of essays on different types of authentication mechanisms does a great job explaining many different types as well as the problems and benefits of each. This is an all around great book for readers interested in making their systems secure and usable.

Forgot your password? FAQs Shipping Options Returns Your Orders Your Account