Human-Centered Security

[bookbb 0]

Human-Centered Security by Heidi Trost, Adam Shostack
English | December 10, 2024 | ISBN: 1959029096 | 160 pages | PDF | 16 Mb
In our interconnected world, we face a complex cybersecurity ecosystem where digital vulnerabilities can have far-reaching consequences. Threats to digital infrastructure often impact critical physical systems, potentially causing real-world harm. With AI agents set to handle extensive personal information, data security and privacy are more crucial than ever.

Human-Centered Security targets professionals designing digital products that handle sensitive data: UX designers, engineers, and product managers. It's also for those responsible for securing organizational data and systems: security engineers, CISOs, CIOs, and teams focused on risk management, legal, privacy, and compliance.
These professionals influence security-related behaviors and possess deep knowledge of threats to their products or organizations. This places a significant responsibility on them to design resilient systems that encourage safer outcomes. As the stakes continue to rise in our digital landscape, their role in protecting users from evolving cybersecurity risks becomes increasingly vital.This book will help you:Focus on areas of the user experience where security impacts users the most. These are places where users are signing up, configuring a product for the first time, handling customer or patient data, or when confronted with a security or privacy-related message or warning, to name a few.Understand the dynamics of the security ecosystem. Looking at the security ecosystem from a single vantage point won't work. Instead, you need to understand how the system design impacts users, how user actions prompt changes to the system design, how threat actors take advantage, how threat actors actions prompt changes to the system design, how users react, and on and on.Find your security UX allies. Think of a Venn diagram, with circles representing the security team, the UX team, the product team, the engineering team, the legal and privacy teams, as so on. To improve the security user experience, these circles must overlap. In other words, each group's expertise and perspective are required to understand and design for the dynamic cybersecurity ecosystem.Ask better questions when talking to your cross-disciplinary team. These questions will help your team anti[beeep]te how users might react and how threat actors might take advantage.What to consider when designing for secure outcomes. The book examines some of the most common security user experience issues.Embrace iteration. Users will do things you didn't expect or account for. Even more importantly, threat actors will act in ways you couldn't have predicted. What was effective yesterday might not be as effective today.

Download Links

Ukryta Zawartość

Treść widoczna tylko dla użytkowników forum DarkSiders. Zaloguj się lub załóż darmowe konto na forum aby uzyskać dostęp bez limitów.