A few weeks ago I was at an ISACA/ISC2 event where Chris Ulliott spoke about usable security. He argued that we (technology creators in general) ask far too much of the general public to be able to understand and use technology securely. I agree – asking any internet user to be able to spot a sophisticated phishing email by looking at email return addresses, checking URL links and possibly even looking at email headers for dodgy IP addresses is just over the top. Chris mentioned something called Nudge Theory and how we should use it more when designing security features. From Wikipedia: "Nudge theory is a concept in behavioural science, political theory and economics which argues that positive reinforcement and indirect suggestions to try to achieve non-forced compliance can influence the motives, incentives and decision making of groups and individuals, at least as effectively – if not more effectively – than direct instruction, legislation, or enforcement."