Human-Centered Security
How to Design Systems That Are Both Safe and Usable
Whether you’re a designer, researcher, product manager, or engineer, you need to be concerned about your product’s security experience and your organization’s overall security.
If you care about the people who use your products and want to keep them safe, Human-Centered Security is an essential resource to have at your fingertips. This book provides valuable insights and critical questions to help you ensure that your organization’s security experience is both strong and effective.
Takeaways
- Learn how security impacts the user experience—both positively and negatively.
- Understand key security concepts and terms.
- Learn about the intricate dynamics of the user security experience.
- Figure out who your security allies are in your company and how to use them for the best outcomes.
- Ask better questions when talking to your cross-disciplinary team about how to interpret security.
- Consider what the enhanced measures are when designing for secure outcomes.
- Embrace iteration when threat actors surprise your company with unpredictable actions.
- Discover how to get buy-in for security from your leadership.
Whether you’re a designer, researcher, product manager, or engineer, you need to be concerned about your product’s security experience and your organization’s overall security.
If you care about the people who use your products and want to keep them safe, Human-Centered Security is an essential resource to have at your fingertips. This book provides valuable insights and critical questions to help you ensure that your organization’s security experience is both strong and effective.
Takeaways
- Learn how security impacts the user experience—both positively and negatively.
- Understand key security concepts and terms.
- Learn about the intricate dynamics of the user security experience.
- Figure out who your security allies are in your company and how to use them for the best outcomes.
- Ask better questions when talking to your cross-disciplinary team about how to interpret security.
- Consider what the enhanced measures are when designing for secure outcomes.
- Embrace iteration when threat actors surprise your company with unpredictable actions.
- Discover how to get buy-in for security from your leadership.
Testimonials
“Trost’s Human-Centered Security is an opportunity to reexamine not just what security behaviors are, but how we design for them, translating applied behavioral science into a practical method for security designers.”
—Matt Wallaert
Founder at BeSci.io and author of Start at the End: How to Build Products That Create Change
“Human-Centered Security is an excellent blend of human factors, design, and cybersecurity. As a human factors security researcher, I have been looking for more content in this space from different perspectives. Seeing a book written from a designer/UX/UI perspective is refreshing and is helpful to understand how products can be developed with cybersecurity in mind.”
—Nikki Robinson, DSc, PhD
Author of Mind the Tech Gap and Effective Vulnerability Management, lead security architect at IBM and adjunct professor
“In this much-needed work, Heidi offers a comprehensive exploration of balancing human-centric design and security practices, particularly from the lens of user experience. She delves into the intricate relationship between security, design, and human behavior within a threat-laden digital ecosystem through captivating storytelling. Heidi masterfully unpacks the complexities that arise when trying to create secure systems that are also intuitive and user-friendly. Additionally, she provides practical, actionable strategies to reduce confusion and enhance the balance between usability and security.”
—Calvin Nobles, PhD
Portfolio vice president and dean/Human Factors expert
“This is an excellent introduction to human-centered security thinking, and a step-by-step guide to developing security that people can and want to use.”
—M. Angela Sasse, PhD
Professor of Human-Centered Security, Ruhr University Bochum
“Human-Centered Security provides an accessible overview of the user’s security ecosystem that demystifies the often overly complex and intimidating world of security and privacy. This book provides clear guideposts and resources for anyone designing for security or with security in mind, which should be everyone.”
—Lindsey Wallace PhD
Director of Design Research and Strategy, Cisco Securit
Table of Contents
Chapter 1: Security user experience challenges
Chapter 2: Leverage iterative design
Chapter 3: Channel your inner risk analyst
Chapter 4: Build risk analysis into user research
Chapter 5: Humanize security policies
Chapter 6: Encourage secure behaviors
Chapter 7: Design access
Chapter 8: Combat social engineering
Chapter 9: Build security into onboarding
Chapter 10: Help technical users manage security
Chapter 11: Get started
