Saturday, June 19, 2021

Better security decision through better design

Security is not always about zero day attacks, buffer overflows and cyber espionage rings, according to Chester Wisniewski, senior security advisor at Sophos Canada.  Working on usability and developing better user experice is critical as well in his line of work.

Software designers and security experts, he said, also spend a great deal of time and effort figuring out how to present information in the right way so that users can easily understand them and actually use them to make better decisions.
 

For instance, when Wisniewski was assigned to help in designing the Sophos Email Appliance, he was asked by his bosses to represent the user in the process.

The technical details of how technical support and auditing could be provided were still worked out, he said in a recent post on the Naked Security blog site. However, the developers spent an equal amount of time figuring out how the product would actually work for an administrator.

RELATED CONTENT

Creating a new mobile user experience with BlackBerry Z10
User experience gauges IT success

 
Adam Shostack of Microsoft Corp., in his presentation at the BSides security conference in Vancouver last week, demonstrated a NEAT idea of how developers can SPRUCE up their coding, according Wisniewski.
 
 
NEAT and SPRUCE are actually wallet cards that developers carry around and refer to when designing security prompts.
NEAT and SPRUCE are acronyms that “remind them to think carefully about all the aspects involved,” said Wisniewski.

These flash cards are something that developers in your organizations might find useful as well.


Read the whole story here

Would you recommend this article?

0
0

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada

Related Tech News