34. Security and Usability

Questions and Answers

According to the context, what is avoidance of harm from use related to in human-centred design?

Positive outcomes from interaction

Ergonomic aspects of product design

Negative outcomes that could arise from inappropriate forms of interaction or outputs (correct)

User satisfaction with the system

Why is security considered part of avoidance of harm from use?

Because it is an aspect of usability

Because it is an ergonomic consideration

Because it tries to avoid security-related harm (correct)

Because it enhances user satisfaction

What does flexibility in a computer system refer to?

Ability to adapt to the environment and users' needs (correct)

Ability to withstand attacks

Ability to recover from system failures

Ability to sustain for a longer term

Why is security often not what users want?

Because users want to focus on getting their work done

What is the primary goal of a security system in the context of human-centred design?

To provide a sufficient level of security

What is the relationship between security and usability in the context of human-centred design?

Security and usability are separate but related considerations

What is the main focus of 'satisfaction' in the context of usability?

A collective goal of achieving specified goals

What is the term for 'meeting the widest range of user needs' in diverse contexts of use?

Accessibility

Which of the following OECD guidelines emphasizes the importance of 'human rights and fundamental values' in digital security risk management?

OECD Recommendation on Digital Security Risk Management for Economic and Social Prosperity (2015)

What is the term for 'the extent to which a system, product or service can be used by specified users to achieve specified goals'?

Usability

What is the primary goal of a transdisciplinary approach to protection?

To understand how adversaries attack and compromise systems

What is the term for 'the person's perceptions and responses that result from the use and/or anticipated use of a system, product or service'?

User experience

What is the primary focus of the 4 principles in NIST Special Publication 800-27 related to security foundations?

Ease of use and usability

What is the importance of basing security on open standards, as stated in NIST SP 800-27?

To promote portability and interoperability

What is the primary focus of NIST SP 800-160 Vol. 1 in relation to security?

Security architecture and design

What is the importance of designing security to allow for regular adoption of new technology, as stated in NIST SP 800-27?

To enable the integration of new technologies and reduce legacy system risks

What is the primary focus of the 8 principles in NIST SP 800-27 related to resilience?

System redundancy and fault tolerance

What is the importance of striving for operational ease of use, as stated in NIST SP 800-27?

To enhance the user experience

A security system tries to avoid some ______-related harm(s).

security

A computer system should be ______ enough to adapt to the environment and the users’ needs.

flexible

Security is often NOT what users want , users want their work done and they don’t know what ______ really means!

security

According to the OECD Guidelines for the Security of Information Systems and Networks, one of the principles is ______ which includes human rights and fundamental values.

Democracy

The ______ approach to protection requires consideration across all assets where loss could occur.

transdisciplinary

Part of effectiveness: A ______ system is not effective if it does not provide a sufficient level of security.

security

Part of satisfaction: You will not be satisfied if a ______ system does not provide a sufficient level of security.

security

In the context of security, human factors are critical as humans can be the weakest ______ in the system.

link

A computer system should be ______ and robust enough to attacks, system failures and errors, and can recover easily to support continuity of use.

resilient

The OECD Recommendation on Digital Security Risk Management for Economic and Social Prosperity (2015) outlines ______ principles for security risk management.

8

According to the ISO 9241-11:2018, ______ is the extent to which a system can be used by specified users to achieve specified goals with effectiveness, efficiency, and satisfaction.

usability

In security design, it is essential to consider the ______ in the system, including how adversaries attack and compromise systems.

adversities

The Parkerian Hexad includes _______ and Integrity.

Utility

NIST SP 800-160 Vol. 1 provides considerations for a _______ Approach in the Engineering of Trustworthy Secure Systems.

Multidisciplinary

According to NIST SP 800-27, security should be designed to allow for regular adoption of new _______ technology.

secure

NIST SP 800-160 Vol. 1 includes principles related to _______ Factor Security, among others.

Human

NIST SP 800-27 emphasizes the importance of _______ security foundations, including principles related to ease of use.

Life Cycle

NIST SP 800-160 Vol. 1 discusses the importance of a _______ Approach to protection in system security engineering.

Transdisciplinary