DeepSec 2011 Focus: Usable Security
A few days ago we uploaded the keynote speech held by Matt Watchinski at DeepSec 2009. The title was: „Technology Won’t Save You, Only People Will“ This statement can be turned into the opposite: Technology won’t threaten you, people will. We’re not talking about threats from insiders turned rogue. We are talking about holes in your defence because of badly configured or mishandled security devices and software. This has nothing to do with being Bastard Operator from Hell and putting the blame on the users or colleagues. A modern company infrastructure has to deal with a lot of complexity all by itself. Adding security won’t reduce this complexity. Adding badly designed user interfaces (for security devices and options), confusing status/error messages and hardly comprehensible settings will most certainly increase the risk of security incidents.