Human-Centered Security: Bridging the Gap between People and Technology
Anuoluwa Akinsola
Human-centred security is no longer an option in a world where technology is advancing at dizzying speed; it is a must. To strengthen and make substantial strides toward safeguarding our digital lives, it is essential to identify and tackle the human aspect of information system design.
Information is everywhere—from the codified language of the web, the technical algorithms of social networks, information technology and blockchain systems to digital products and software applications. The lifeline and powerhouse of the information system is heavily dependent on the users’ data throughout its lifecycle. An information system instructs processes and streamlines people’s decisions. However, the digital adventure has its paradox. Users are concerned with data security and privacy as they engage and interact with digital services, while the core priority of hacktivists and cyber attackers is to gain access to this data through phishing, malware, man-in-the-middle, and denial-of-service strategies. After all, they are all users of information systems for different purposes.
This article explores the core notion of human-centred security in the context of information system architecture. In the ever-changing world of technology and information systems, the importance of people in setting security standards cannot be overemphasized. It looks further at how human-centred security concepts are essential in the design and deployment of information systems and in bridging the gap between technology and the people who use it.
Understanding Human Factors
Technology is vital in safeguarding information assets, but humans are responsible for the design, implementation, and operational use of these technologies. Integrating people and information systems has consistently raised the prospect of many security flaws.
Human factors are essential in information system security because they influence users’ attitudes toward security. Since we manage software and digital assets, information system security is a human factor issue. Human factors affect how we interact with information technology, and this interaction is frequently detrimental to security. Consequently, the most significant obstacle is the non-technical factor—the human problem. As a result, it is vital to grasp and address issues involving human factors in designing and implementing a secure information system.
Other crucial human aspects for securing information systems include function analysis, environmental analysis, user preference and need investigation. The system must demonstrate that it can identify ways to assist users with their tasks, systemic context, user performance, and the requirements necessary to satisfy users’ needs correctly.
User-Centered Design
The level of attention users receive during the design process influences their experiences. User-centred design (UCD) encapsulates user interface and user experience. Due to its focus on how users interact with digital products, user experience is essential to system design.
Usability has yet to have a significant impact on the security community. This absence of effects does not result from a lack of need or a failure to appreciate the importance of usability in general and security in particular. Security usability is not typically considered during the systems design process due to a tendency to focus strictly on components rather than users’ wants and values. As a result, it affects both safety and usability. Asking users what they want is the first step in a user-centred design strategy to understand their demands better. Together, we can understand them and develop ideas for accumulating, protecting, retrieving, and displaying their data.
Human Error and Vulnerabilities
The two forms of errors are latent and active. Latent errors are built into the system (for example, system design and administrative decisions). The active error is the actual event that causes harm or tragedy. Despite being commonly devalued and overlooked, human factors play a significant role in the health of an organization’s information security system.
Security by Design ideas include proactive defence, defence in depth, fail-safe defaults, least privilege, and role separation. These recommendations urge system developers and software engineers to consider potential security issues and online threats at every stage of the design and development process. By incorporating security into every aspect of their operations, organizations may significantly reduce the likelihood of a security breach due to human error. In the long run, this method has the potential to save firms money and time.
Organizations are more vulnerable than ever due to the growth and severity of security errors that have come to light in recent years. Certain attitudes, practices, and behaviours that encourage unstable connections impact human errors. These negligent activities can provide opportunistic system attackers with meaningful, secret corporate information and resources. The user’s privacy is then jeopardized due to system intruders hijacking secure sessions.
Designing Secure Authentication Systems
Authentication is the proof a user provides to a system, which must match the user’s existing data for the user to gain entrance to the system. The system then declares that the user’s identity is valid. Finally, authorization specifies the user’s permitted rights. Examples of authentication factors are knowledge-based (PIN, password), possession-based (devices and smartcards), physiological-based (fingerprint, iris, voice, face), behavioural-based (keystroke dynamics, touch dynamics, motion dynamics), and context-aware factors (physical location, IP addresses, device-specific data, browsing history).
Authentication solutions protect sensitive data and keep users private and secure. Developing robust authentication systems that can resist new types of cyberattacks is critical since cybersecurity threats are continuously developing along with technology. Secure authentication could be done in the following ways:
- Secure Login with Multiple Factors (MFA): Multiple-factor authentication (MFA) employs a combination of three elements—the user’s knowledge (password), their possession (token or smartphone), and their biometrics—to verify an individual’s identity.
- Guidelines for Passwords: Access control techniques limit users’ access to only the necessary resources and data. Attribute-based access control (ABAC) and role-based access control (RBAC) are two popular methods for controlling which users can access what resources. To identify suspicious activity in real-time, it is helpful to monitor authentication events and audit access records continuously.
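As an added illustration (not part of the original article), the sketch below combines an RBAC grant with an ABAC context check under a fail-safe default of deny, records every decision in an audit log, and scans that log for bursts of denied requests. The roles, resources, attribute names (`mfa_passed`, `managed_device`) and thresholds are assumptions constructed for the example.

```python
from collections import defaultdict, deque

# Constructed sample policy: role -> permitted (resource, action) pairs (RBAC).
ROLE_PERMISSIONS = {
    "clinician": {("patient_record", "read"), ("patient_record", "write")},
    "billing": {("invoice", "read"), ("invoice", "write")},
}

def abac_allows(resource, context):
    """ABAC condition on request attributes (hypothetical attribute names)."""
    mfa = context.get("mfa_passed") is True
    if resource == "patient_record":
        # Sensitive resource: also require a managed device (context-aware factor).
        return mfa and context.get("managed_device") is True
    return mfa

def authorize(user, resource, action, context, audit_log):
    """Allow only if the RBAC grant AND the ABAC condition hold; otherwise deny."""
    role_ok = (resource, action) in ROLE_PERMISSIONS.get(user.get("role"), set())
    allowed = role_ok and abac_allows(resource, context)
    # Every decision is audited, including denials.
    audit_log.append({"ts": context["ts"], "user": user["name"],
                      "resource": resource, "action": action, "allowed": allowed})
    return allowed

def flag_denial_bursts(audit_log, threshold=3, window=60):
    """Return users with at least `threshold` denials inside `window` seconds."""
    recent = defaultdict(deque)
    flagged = set()
    for entry in sorted(audit_log, key=lambda e: e["ts"]):
        if entry["allowed"]:
            continue
        q = recent[entry["user"]]
        q.append(entry["ts"])
        while entry["ts"] - q[0] > window:
            q.popleft()  # drop denials that fell out of the time window
        if len(q) >= threshold:
            flagged.add(entry["user"])
    return flagged

if __name__ == "__main__":
    log = []  # in-memory stand-in for an append-only audit store
    bob = {"name": "bob", "role": "billing"}
    for ts in (10, 20, 30):  # constructed events: billing user probing patient records
        authorize(bob, "patient_record", "read",
                  {"ts": ts, "mfa_passed": True, "managed_device": True}, log)
    print(flag_denial_bursts(log))
```

A user with no role, or a request missing the expected context attributes, is denied rather than allowed, which is the fail-safe default the article lists among the Security by Design ideas.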
Conclusion
Ultimately, the security field is rapidly changing, and the contrast between people and technology requires a fundamental change in our approach. Human-centred security takes the lead in this revolutionary process, providing a comprehensive framework that gives equal importance to the human factor and technology defences. In the face of the many problems a digitalized world presents, it is crucial to recognize that achieving good security relies on technical expertise and the human element. Therefore, combining user-centric design, behavioural psychology, and cultural concerns is vital to better understand security risks and how to reduce them effectively.
Cite this article in APA as: Akinsola, A. Human-centered security: Bridging the gap between people and technology. (2024, May 2). Information Matters, Vol. 4, Issue 5. https://informationmatters.org/2024/05/human-centered-security-bridging-the-gap-between-people-and-technology/
Author
At the intersection of academia and business, Anuoluwa is a trailblazing figure excelling as a Technical Product Manager and Researcher. Anuoluwa expertly manages teams to create cutting-edge software solutions while leading rapid digital transformations. He is significantly advancing research in human-computer interaction, system architecture and design, and end-user privacy. He embodies a holistic approach to technology and is a proactive champion for user data privacy in HCI. He bridges the gap between theory and implementation by effectively incorporating research findings into influential business strategies.