Human-centered design involves taking into account the needs and limitations of people – how they think, behave and interact with technology when designing and building software and applications.
Using behavior change to influence how people interact with technology only addresses the symptoms rather than the root cause when it comes to managing human risk in cybersecurity. A more effective approach to cybersecurity, according to research by Horace Petrescu, is to shift the focus away from trying to change human behavior and instead design technology to work safely during human interaction.
The proposed solution, “human-centered design”, involves taking into consideration people’s needs and limitations, the way they think, behave and interact with technology when designing and building software and applications. By designing for humans, technology can be created that is safe and easy to use. Additionally, this approach prioritizes usability, making security features intuitive and easy to use.
The proposed long-term solution is as follows:
- Application of Human-Centered Design to the Software Development Life Cycle (SDLC), mainly ensuring a ‘useable by design’ approach (behavioral change intervention strategies can also be used here if needed).
- Use Artificial Intelligence/Machine Learning (AI/ML) to assist technical security professionals with the technological complexity of assessing and configuring application and system security.
- Shifting from the traditional, ineffective security awareness approach to “holistic security awareness” strategies.
Putting human-centered design into practice
Markswell Coelho, coordinator of IBSEC – Brazilian Institute of Cybersecurity, says security departments often see users as a potential threat that needs to be dealt with. It is widely recognized that many users are careless and unenthusiastic about system security.
Research dating back to 1999 found that users who inadvertently or deliberately compromise computer security measures, such as password authentication, often do so due to inadequate security implementations. The suggestion at the time was to take a user-centric design approach to improve the situation, make humans safer instead of making security more usable from the start.
Petrescu also says in his research that while the concept of human-centered design in cybersecurity may seem simple in theory, putting it into practice can be a challenge. This requires a mindset shift from the traditional security-centric approach to a user-centric approach. It also requires collaboration between multiple teams, including security experts, designers, and developers.
Implementing human-centered design in cybersecurity involves users in the design and development process. This can help ensure that technology under development is easy to use and that security measures are tailored to the way users think and behave. Additionally, conducting user surveys and usability testing and collecting user feedback can help identify potential security issues before they become a problem.
Implementing human-centered design in cybersecurity requires collaboration between designers, developers, and security experts. Designers need to understand the threats and risks involved in cybersecurity, while security experts need to understand the importance of usability and user experience. Together, they can create secure and easy-to-use software and applications.
Another important aspect of human-centered design in cybersecurity, according to Petrescu, is taking a holistic approach and considering the entire user journey. This means thinking about how users will interact with the technology, not just when accessing or entering sensitive information, but throughout the entire process. By considering all touchpoints, it is possible to identify possible vulnerabilities and design tailor-made solutions for the user.
He concludes by discussing the importance of continually evaluating and improving design. Security threats are constantly evolving, and the technology used to combat them must evolve as well. This means regularly reviewing and updating the design to ensure it remains effective at protecting against new threats.
More information: IBSEC extension
Website: https://ibsec.com.br/
Source: Terra

Rose James is a Gossipify movie and series reviewer known for her in-depth analysis and unique perspective on the latest releases. With a background in film studies, she provides engaging and informative reviews, and keeps readers up to date with industry trends and emerging talents.