DeepSec 2011 Focus: Usable Security
A few days ago we uploaded the keynote speech held by Matt Watchinski at DeepSec 2009. The title was: “Technology Won’t Save You, Only People Will”. This statement can be turned into the opposite: Technology won’t threaten you, people will. We’re not talking about threats from insiders turned rogue. We are talking about holes in your defence because of badly configured or mishandled security devices and software. This has nothing to do with being a Bastard Operator from Hell and putting the blame on the users or colleagues. A modern company infrastructure has to deal with a lot of complexity all by itself. Adding security won’t reduce this complexity. Adding badly designed user interfaces (for security devices and options), confusing status/error messages and hardly comprehensible settings will most certainly increase the risk of security incidents. Let’s face it, we all make mistakes, so let’s think about how to deal with them and how to avoid them.
We’d like to address the topic of usable security at DeepSec 2011. This aspect not only touches the IT staff, it affects the users as well. It’s fine to talk about raising awareness for security risks, but how do you convey the message? What should users actually do when they know enough about identifying risks? If you’re going to educate your users, you have to talk about risks and remedies alike. There’s no point in leaving the most important half of the lesson in the dark.
So if you
- have ideas about (complete) security awareness tutorials/programmes,
- develop software and design UIs (user interfaces),
- have made a lot of configuration mistakes and know about the implications,
- understand the psychology of IT staff/users,
- and you want to discuss your ideas/findings on stage,
then let us know! Submit your ideas to our Call for Papers!