Adam Shostack: Usable Security


Adam Shostack is a cybersecurity professional with decades of experience in the industry. As such, Adam Shostack understands some of the prominent aspects of getting users to appreciate and easily understand the various issues of security. Indeed, usability is one of the overlooked aspects of security, as any controls built into a system that hinders a users' ability to accomplish their goals will either be ignored or bypassed in one way or another.
Security engineers have to build systems with their users in mind, and by building usable security functions, they help in making the system a secure one. One of the reasons why application security problems are common is because many deployed security measures are not exactly user-friendly. By thinking about how to make security usable, various security mechanisms will have a hard time gaining acceptance.
According to Adam Shostack, Security can be made usable in a number of ways. For starters, it can be understood so that users can actually realize they face a threat. A browser address bar turning red when accessing an insecure website is an example of this. Additionally, users can also be trained to recognize actual risks and how to deal with them.

Comments

Post a Comment

Popular posts from this blog

Adam Shostack: What is Security Engineering

Adam Shostack's career in security and privacy matters spans more than two decades, during which he's gotten to understand and appreciate the role of security engineering in an increasingly digital world. Security engineering entails the building of systems that can be reliable and dependable in the face of error or malice. As a discipline, it is focused on the methods, tools and processes required to design, test and implement complete systems, and adapt the needs of these systems to the environment around them. The security engineering profession requires expertise in various disciplines, including computer security and cryptography through both hardware and software. The skills needed to excel range from business process analysis to software engineering and testing skills. The knowledge of economics, law, applied psychology and organizations is also important. Many are the security systems that have critical assurance requirements. Should they fail, the consequ...
Read more

A Review of Adam Shostack’s “Threat Modeling”

Adam Shostack lives and works in Seattle, Washington, as the President of Shostack & Associates. He has more than a decade of experience in information security, much of which he spent at Microsoft, and he’s passionate about his field. He’s the author of Threat Modeling: Designing for Security (Wiley, 2014), which continues to receive excellent reader reviews years after launch. One such review of Adam Shostack’s Threat Modeling: Designing for Security is highlighted below: ·          “Adam is the expert of threat modeling and presented a talk at Blackhat 2018 covering the most current threats and they are easily folding into the existing threat model. The book is easy to read and understand. Highly recommend for every security professional.” Click here to buy the book on Amazon. Want to keep reading about Adam Shostack’s career as a cybersecurity game changer? If so, head to adam.shostack.org for complete information on h...
Read more

Adam Shostack: Passionate Professional

Adam Shostack is a successful leader, entrepreneur, technologist and game designer. He’s also the President of Shostack & Associates in Seattle, Washington, and he specializes in cybersecurity. Mr. Shostack has more than a decade of experience and an excellent reputation in his field among both clients and colleagues.  Visit  https://www.darkreading.com/author-bio.asp?author_id=2432& to know more about him. He’s passionate about information security and privacy, particularly at the intersection of technology and people, and his successes reflect it well. Adam Shostack is also the author of Threat Modeling: Designing for Security (Wiley, 2014) and the co-author of The New School of Information Security (Addison-Wesley, 2008). Looking for additional information on Adam Shostack’s career as a cybersecurity visionary? Head to his Twitter page here for his latest updates on his work, content production, public speaking events and more.
Read more