The Unmotivated User Property
Security is usually a secondary goal. People do not generally sit at their computers wanting to manage security; rather, they want to complete a task that may tangentially involve security.
The Abstraction Property
Computer security management often involves security policies which may be alien and unintuitive to many members of the general user population. This makes achieving simple abstractions difficult.
The Lack of Feedback Property
Providing good feedback for security management is a difficult problem. The state of a security configuration is usually complex, and attempts to summarize it are often inadequate.
The Barn Door Property
Once a security secret has been left accidentally unprotected, even for a short time, there is no way to be sure that it has not already been read by an attacker. Because of this, a very high priority must be placed on making sure the user does not make potentially high-cost mistakes.
The Weakest Link Property
It is well known that the security of a networked computer is only as strong as its weakest component. This means that users need to be guided to attend to all aspects of their security, not left to proceed through random exploration as they might with a word processor or spreadsheet.
Wednesday, March 11, 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment