Speaker: Shari Lawrence Pfleeger (Dartmouth College, USA)
Shari Lawrence Pfleeger is an I3P Research Fellow at Dartmouth College and is Editor-in-Chief of IEEE Security & Privacy magazine. Until August 2013, she was research director for the Institute for Information Infrastructure Protection (I3P), a consortium of 26 US universities, national laboratories and non-profit organizations conducting cybersecurity research. In the past, she has been a senior scientist at the RAND Corporation, a principal scientist at the Contel Technology Center, and president of Systems/Software, Inc., a software engineering consultancy. In addition to leading a project on usable security, she also directs a multidisciplinary project, funded by US, Dutch and Swedish government agencies, studying what makes an effective cybersecurity incident response team.
Title: Preliminary Results from Three Peeks into Making Security More Usable
"Common wisdom" suggests that if security were more usable, users would no longer try to circumvent it to get their work done; that is, more usability would lead to better security. But when experts recommend how to make our security applications more usable, many of their security recommendations are based only on anecdotal evidence, not on carefully crafted studies of cause and effect. For these reasons, the US Department of Homeland Security and the National Institute of Science and Technology have funded three case studies, to determine what actually helps to make security more usable. In this talk, Dr. Pfleeger will describe how her multidisciplinary team of security and usability researchers developed a uniform case study methodology and conducted three case studies of organizations trying to implement usable security. She will present preliminary findings and explain why and how these studies are intended to be the beginning of a corpus of information about usable security that can put our recommendations on a more solid, scientific footing.