Online Resource

Online Resource

Hayden Library - BM585.2.B47 2019

Dewey Library - BV4396.W66 2019

Hayden Library - QP363.2.N47 2017

Online Resource

Hayden Library - QP495.M37 2017

Online Resource

Hayden Library - QP411.P43 2019

Hayden Library - PR9550.9.B8 A8 2019

India continues to see a shortfall in the availability of personal protection equipment (PPE) for healthcare even as the government significantly ramps up domestic production and some kits from China failed quality tests.

Hayden Library - PT2647.A64 A2 2012

Hayden Library - PT2720.O46 E55 2014

Hayden Library - PT2665.R59 A6413 2014

Hayden Library - PT2621.A26 V413 2016

Hayden Library - PT2671.L84 K66 2015

Hayden Library - PT2682.A87 E8813 2016

Hayden Library - PT2603.R397 A9513 2013b

Hayden Library - PT2665.R59 G3713 2017

Hayden Library - PT2635.I65 A2 2017

A new project out of the Center for Open Science in Charlottesville, Virginia, found that of all the experimental social science papers published in Science and Nature from 2010–15, 62% successfully replicated, even when larger sample sizes were used. What does this say about peer review? Host Sarah Crespi talks with Staff Writer Kelly Servick about how this project stacks up against similar replication efforts, and whether we can achieve similar results by merely asking people to guess whether a study can be replicated. Podcast producer Meagan Cantwell interviews Emily Brodsky of the University of California, Santa Cruz, about her research report examining why earthquakes occur as far as 10 kilometers from wastewater injection and fracking sites. Emily discusses why the well-established mechanism for human-induced earthquakes doesn’t explain this distance, and how these findings may influence where we place injection wells in the future. In this month’s book podcast, Jen Golbeck interviews Judea Pearl and Dana McKenzie, authors of The Book of Why: The New Science of Cause and Effect. They propose that researchers have for too long shied away from claiming causality and provide a road map for bringing cause and effect back into science. This week’s episode was edited by Podigy. Download a transcript of this episode (PDF) Listen to previous podcasts. About the Science Podcast [Image: Jens Lambert, Shutterstock; Music: Jeffrey Cook]

CLOUD (Conference) (12th : 2019 : San Diego, Calif.)

Dewey Library - HD30.28.O72 2019

Hayden Library - TC557.A2 D39 2019

Polk, William R. (William Roe), 1929- author

Goodman, Martin, 1953- author

Online Resource

Dewey Library - QH541.M526 2019

Online Resource

Hayden Library - QH541.5.P7 W435 2018

Divya Sasidharan calls into question the trade-offs often made between security and usability. Does a secure interface by necessity need to be hard to use? Or is it the choice we make based on years of habit? Snow has fallen, snow on snow.

Security is often synonymous with poor usability. We assume that in order for something to be secure, it needs to by default appear impenetrable to disincentivize potential bad actors. While this premise is true in many instances like in the security of a bank, it relies on a fundamental assumption: that there is no room for choice.

With the option to choose, a user almost inevitably picks a more usable system or adapts how they interact with it regardless of how insecure it may be. In the context of the web, passwords are a prime example of such behavior. Though passwords were implemented as a way to drastically reduce the risk of attack, they proved to be marginally effective. In the name of convenience, complex, more secure passwords were shirked in favor of easy to remember ones, and passwords were liberally reused across accounts. This example clearly illustrates that usability and security are not mutually exclusive. Rather, security depends on usability, and it is imperative to get user buy-in in order to properly secure our applications.

Security and Usability; a tale of broken trust

At its core, security is about fostering trust. In addition to protecting user accounts from malicious attacks, security protocols provide users with the peace of mind that their accounts and personal information is safe. Ironically, that peace of mind is incumbent on users using the security protocols in the first place, which further relies on them accepting that security is needed. With the increased frequency of cyber security threats and data breaches over the last couple of years, users have grown to be less trusting of security experts and their measures. Security experts have equally become less trusting of users, and see them as the “the weakest link in the chain”. This has led to more cumbersome security practices such as mandatory 2FA and constant re-login flows which bottlenecks users from accomplishing essential tasks. Because of this break down in trust, there is a natural inclination to shortcut security altogether.

Build a culture of trust not fear

Building trust among users requires empowering them to believe that their individual actions have a larger impact on the security of the overall organization. If a user understands that their behavior can put critical resources of an organization at risk, they will more likely behave with security in mind. For this to work, nuance is key. Deeming that every resource needs a similarly high number of checks and balances diminishes how users perceive security and adds unnecessary bottlenecks to user workflows.

In order to lay the foundation for good security, it’s worth noting that risk analysis is the bedrock of security design. Instead of blindly implementing standard security measures recommended by the experts, a better approach is to tailor security protocols to meet specific use cases and adapt as much as possible to user workflows. Here are some examples of how to do just that:

Risk based authentication

Risk based authentication is a powerful way to perform a holistic assessment of the threats facing an organization. Risks occur at the intersection of vulnerability and threat. A high risk account is vulnerable and faces the very real threat of a potential breach. Generally, risk based authentication is about calculating a risk score associated with accounts and determining the proper approach to securing it. It takes into account a combination of the likelihood that that risk will materialize and the impact on the organization should the risk come to pass. With this system, an organization can easily adapt access to resources depending on how critical they are to the business; for instance, internal documentation may not warrant 2FA, while accessing business and financial records may.

Dynamically adaptive auth

Similar to risk based auth, dynamically adaptive auth adjusts to the current situation. Security can be strengthened and slackened as warranted, depending on how risky the access point is. A user accessing an account from a trusted device in a known location may be deemed low risk and therefore not in need of extra security layers. Likewise, a user exhibiting predictive patterns of use should be granted quick and easy access to resources. The ability to adapt authentication based on the most recent security profile of a user significantly improves the experience by reducing unnecessary friction.

Conclusion

Historically, security failed to take the user experience into account, putting the onus of securing accounts solely on users. Considering the fate of password security, we can neither rely on users nor stringent security mechanisms to keep our accounts safe. Instead, we should aim for security measures that give users the freedom to bypass them as needed while still protecting our accounts from attack. The fate of secure systems lies in the understanding that security is a process that must constantly adapt to face the shifting landscape of user behavior and potential threats.

About the author

Divya is a web developer who is passionate about open source and the web. She is currently a developer experience engineer at Netlify, and believes that there is a better workflow for building and deploying sites that doesn’t require a server—ask her about the JAMstack. You will most likely find her in the sunniest spot in the room with a cup of tea in hand.

More articles by Divya

Dewey Library - JK1896.W37 2019

Rotch Library - HV6432.7.N485 2018

About 25,000 people from over 114 affected villages have been shifted to safer places.

Berlin, Heidelberg : Springer Berlin Heidelberg, 2007

Berlin ; New York : Springer, [2006]

Berlin ; New York : Springer, [2006]

Sueyoshi, T. (Toshiyuki), 1954- author

Converter and Fire Refining Practices Symposium (2005 : San Francisco, Calif.)