ISM W34 Flashcards
(14 cards)
Usability in international standards - NARROW SENSE VS BROADER SENSE
(ISO standards (ISO/TC 159/SC 4) - ISO 9241 Ergonomics of human-system interaction - ISO 9241-11:2018 Usability Definitions and Concepts:)
USABILITY (NARROW SENSE): “the extent to which a system, product or service can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use”
- EFFECTIVENESS: “the accuracy and completeness with which users achieve specified goals”
- EFFICIENCY: “the resources used in relation to the results achieved” (time, human effort, money and materials)
- SATISFACTION: “the extent to which the user’s physical, cognitive and emotional responses that result from use of a system, product or service meet the user’s needs and expectations”
(ISO standards (ISO/TC 159/SC 4) - ISO 9241 Ergonomics of human-system interaction - ISO 9241-11:2018 Usability Definitions and Concepts:)
USABILITY + Other outcomes of use = Human-centred quality (Usability in a BROADER SENSE):
ACCESSIBILITY: Meeting the widest range of user needs (e.g., needs of the disabled people) in diverse contexts of use
USER EXPERIENCE: “a person’s perceptions and responses that result from the use and/or anticipated use of a system, product or service” (focus more on individual experience)
SATISFACTION (in usability) focuses more on collective goals.
AVOIDANCE OF HARM FROM USE: “negative outcomes that could arise from inappropriate forms of interaction or inappropriate outputs”
(One example: “Lack of trust, security or privacy”).
Security as part of usability?
Security can be argued to be part of usability:
- Part of effectiveness: a security system is not effective if it does not provide a sufficient level of security.
- Part of satisfaction: you will not be satisfied if a security system does not provide a sufficient level of security.
- Part of avoidance of harm from use: a security system tries to avoid some security-related harm(s).
(There is not always a clear cut between security and usability!)
ASPECTS BEYOND ISO 9241-11:2018 STANDARD:
- Flexibility / Adaptability / Manageability /
Reconfigurability / Scalability /
Sustainability / …
A computer system should be flexible enough to adapt to the environment and the users’ needs, easy to manage, easy to set up and (re)configure, easy to scale up or down, and easy to sustain over the longer term, …
- Resilience / Robustness / Recoverability /
Fault Tolerance / …
A computer system should be resilient and robust against attacks, system failures and errors, and should recover easily to support continuity of use, …
DIFFERENCE BETWEEN OUR DEFINITION OF USABILITY VS ISO DEFINITION OF USABILITY
- Usability (for us) = usability in the narrow sense; security is treated as a separate property
- Usability (ISO sense, human-centred quality) includes security, via avoidance of harm from use
More on the Security-usability dilemma
- Security is often NOT what users want: users want to get their work done, and they do not know what security really means!
- Security often requires users to make HARD decisions, but they do NOT have enough time or experience!
- Higher security often requires more computation ⇒ higher costs, slower processes, systems that are more difficult to understand and use, and a tendency for users to misuse them (intentionally or unintentionally).
- Large systems involve many components and different groups of users ⇒ requirements of different components and users may conflict.
- Different aspects of security may conflict with each other as well, which further complicates the problem.
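The “higher security often requires more computation” point, made concrete: calibrating a password-hashing work factor against a login latency budget. This is example code written for this page, not material from the lecture or from ISO 9241-11. PBKDF2-HMAC-SHA256 is used only because it ships in the Python standard library; the iteration floor and ceiling, the 250 ms budget and the sample password are constructed assumptions, not recommendations.

```python
"""Added example (not lecture code): the security/usability knob in a
password store. More iterations = every offline guess costs the attacker
more, and every legitimate login makes the user wait longer."""
import hashlib
import hmac
import os
import time

# Constructed assumptions for the demo, not recommendations.
MIN_ITERATIONS = 100_000     # floor: never weaker than this, whatever the latency
MAX_ITERATIONS = 3_200_000   # ceiling for the calibration search
LOGIN_BUDGET_S = 0.25        # how long a user is allowed to wait per verification


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """One PBKDF2-HMAC-SHA256 derivation; cost grows linearly with iterations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def verify(password: str, salt: bytes, iterations: int, stored: bytes) -> bool:
    """Recompute and compare in constant time, so timing does not leak a prefix match."""
    return hmac.compare_digest(derive_key(password, salt, iterations), stored)


def time_one(iterations: int) -> float:
    """Wall-clock seconds for a single derivation at this work factor."""
    salt = os.urandom(16)
    start = time.perf_counter()
    derive_key("correct horse battery staple", salt, iterations)  # constructed sample password
    return time.perf_counter() - start


def calibrate_iterations(budget_s: float = LOGIN_BUDGET_S,
                         floor: int = MIN_ITERATIONS,
                         ceiling: int = MAX_ITERATIONS) -> int:
    """Largest power-of-two multiple of `floor` whose derivation fits the budget.

    Each doubling roughly doubles the user's wait and doubles the cost of
    every offline guess an attacker makes: the same knob moves both."""
    iterations = floor
    while iterations * 2 <= ceiling and time_one(iterations * 2) <= budget_s:
        iterations *= 2
    return iterations


def attacker_guesses_per_second(seconds_per_hash: float, hardware_speedup: float) -> float:
    """Offline guessing rate if the attacker's hardware is `hardware_speedup`
    times faster than the machine that measured `seconds_per_hash`."""
    return hardware_speedup / seconds_per_hash


if __name__ == "__main__":
    chosen = calibrate_iterations()
    per_hash = time_one(chosen)
    print(f"iterations={chosen} user_wait={per_hash:.3f}s "
          f"attacker@1000x={attacker_guesses_per_second(per_hash, 1000):.0f} guesses/s")
```

The floor is the security decision (what you refuse to go below), the budget is the usability decision (what users will tolerate); when the two cannot both be met on the available hardware, that is the dilemma in one number.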
ISO 9241-11 usability (narrow sense) ASSESSING USE OF PASSWORDS
When analysing usability of a real-world system, it is important to think
about tangible metrics and concrete points
- Effectiveness: login error rate, rate of forgetting passwords, …
- Efficiency: login time; time to set (choose) a password; human effort to set, remember and type a password; sometimes users have to pay to get a password (e.g., paid services); no additional material involved; …
- Satisfaction: mixed feelings for most users; largely acceptable, given that passwords remain the most widely used user authentication method
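The card asks for tangible metrics; as an added example (written for this page, not taken from the lecture), here is what computing them from an authentication log looks like. The log format, the five users and every number in it are constructed for the demo; a real system will log something similar but not identical, so `parse_event` is the part to adapt.

```python
"""Added example (not lecture code): ISO 9241-11 narrow-sense metrics for a
password login, computed from a constructed authentication log."""
from statistics import median

# Constructed sample log: one morning of logins for five users.
# `ms` is time from form display to submit, standing in for "login time".
SAMPLE_LOG = """\
2024-05-01T09:00:01Z user=alice event=login result=ok ms=2100
2024-05-01T09:05:12Z user=bob event=login result=fail ms=4300
2024-05-01T09:05:40Z user=bob event=login result=ok ms=1900
2024-05-01T09:30:00Z user=carol event=login result=fail ms=5200
2024-05-01T09:30:45Z user=carol event=login result=fail ms=6100
2024-05-01T09:31:10Z user=carol event=reset_request
2024-05-01T09:40:00Z user=carol event=login result=ok ms=2500
2024-05-01T10:00:00Z user=dave event=login result=ok ms=1700
2024-05-01T10:10:00Z user=dave event=login result=ok ms=1600
2024-05-01T10:20:00Z user=erin event=login result=fail ms=3900
2024-05-01T10:21:00Z user=erin event=reset_request
"""


def parse_event(line: str) -> dict:
    """Split 'timestamp k=v k=v ...' into a dict; `ms` becomes an int."""
    ts, *fields = line.split()
    event = {"ts": ts}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = int(value) if key == "ms" else value
    return event


def _ratio(numerator: int, denominator: int) -> float:
    """Avoid a division by zero on an empty log window."""
    return numerator / denominator if denominator else 0.0


def password_metrics(log: str) -> dict:
    """Effectiveness and efficiency numbers for the password card.

    effectiveness: login_error_rate  = failed attempts / all attempts
                   forget_rate       = users who asked for a reset / users seen
    efficiency:    median_success_ms = typical time of a successful login
                   attempts_per_success = human effort per goal achieved
    (Satisfaction is not in the log; it needs a survey.)"""
    events = [parse_event(l) for l in log.splitlines() if l.strip()]
    attempts = [e for e in events if e["event"] == "login"]
    successes = [e for e in attempts if e["result"] == "ok"]
    users = {e["user"] for e in events}
    reset_users = {e["user"] for e in events if e["event"] == "reset_request"}
    return {
        "login_error_rate": _ratio(len(attempts) - len(successes), len(attempts)),
        "forget_rate": _ratio(len(reset_users), len(users)),
        "median_success_ms": median(e["ms"] for e in successes) if successes else 0,
        "attempts_per_success": _ratio(len(attempts), len(successes)),
    }


if __name__ == "__main__":
    for name, value in password_metrics(SAMPLE_LOG).items():
        print(f"{name:>22}: {value}")
```

Two of the four are security signals as much as usability ones: a rising login error rate may be users forgetting, or it may be a credential-stuffing run, so the same log feeds both the usability review and the detection pipeline.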
ISO 9241-11 usability (broad sense; human-centred quality)
ASSESSING USE OF PASSWORDS
When analysing usability of a real-world system, it is important to think
about tangible metrics and concrete points
- Accessibility: hard or impossible to use for some blind people and for people with difficulties moving arms/hands/fingers, …
- User experience: individual user experience differs from person to person
- Avoidance of harm from use: e.g., psychological stress (from having to set passwords and from worrying about a potential breach of them)
Usability (out of the ISO box)
Beyond ISO 9241-11
ASSESSING USE OF PASSWORDS
When analysing usability of a real-world system, it is important to think
about tangible metrics and concrete points
Flexibility / Adaptability / Manageability /
Reconfigurability / Scalability / Sustainability / …
- Largely flexible although different password policies may require changing passwords; …
Resilience / Robustness / Recoverability / Fault Tolerance / …
- Mechanisms exist to make a password system more resilient: password reset through email / phone / security questions / etc., physical means to reset a password (e.g., going to a bank branch), …
ISO 9241-11 usability (narrow sense)
ASSESSING USE OF BIOMETRICS
When analysing usability of a real-world system, it is important to think
about tangible metrics and concrete points
- Effectiveness: failure-to-enrol rate, false reject rate
- Efficiency: login time (depends on modality but mostly short); time to enrol (depends on modality but mostly slow, especially for behavioural biometrics); human effort relatively light for login but less so for enrolment (especially for behavioural biometrics); additional costs for sensors at the client and more complicated software at the server side, although not very high; some material needed for some modalities; …
- Satisfaction: largely OK but probably worse than a password-based system
ISO 9241-11 usability (broad sense; human-centred quality)
ASSESSING USE OF BIOMETRICS
When analysing usability of a real-world system, it is important to think
about tangible metrics and concrete points
- Accessibility: for each modality there will be some people who cannot use it (e.g., fingerprint-based systems cannot work for people without fingers)
- User experience: individual experience differs from person to person but is largely OK (note the consequence of the non-zero false reject rate: legitimate users are sometimes locked out ⇒ a backup method is needed)
- Avoidance of harm from use: loss of privacy due to biometric templates stored at the server side; loss of safety (e.g., criminals harming a user to gain access); psychological worry about impersonation
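One worked example covering both biometrics cards above (narrow sense: failure-to-enrol rate and false reject rate; broad sense: why a backup method is needed). This is example code written for this page, not lecture material. The matcher scores, the enrolment outcomes and the convention that a presentation is accepted when its score is at or above a threshold are all constructed assumptions, chosen so the numbers can be checked by hand.

```python
"""Added example (not lecture code): the usability metrics of a biometric
login and the FRR/FAR trade-off that forces a backup method."""

# Constructed enrolment outcomes: carol's readings never reached template
# quality, so she counts as a failure to enrol.
ENROLMENT = {"alice": True, "bob": True, "carol": False, "dave": True, "erin": True}

# Constructed matcher scores in [0, 1], higher = better match.
# genuine = enrolled user against own template, impostor = someone else.
GENUINE = [0.91, 0.88, 0.79, 0.95, 0.62, 0.83, 0.90, 0.71, 0.86, 0.58]
IMPOSTOR = [0.12, 0.31, 0.44, 0.27, 0.66, 0.19, 0.38, 0.52, 0.23, 0.09]


def failure_to_enrol_rate(enrolment: dict) -> float:
    """Effectiveness: share of users the modality cannot serve at all."""
    return sum(1 for ok in enrolment.values() if not ok) / len(enrolment)


def error_rates(genuine, impostor, threshold: float) -> tuple:
    """(FRR, FAR) at one operating point; accept iff score >= threshold.

    FRR is the usability cost (genuine users turned away).
    FAR is the security cost (impostors let in)."""
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return frr, far


def sweep(genuine, impostor, thresholds):
    """Trade-off table: raising the threshold lowers FAR and raises FRR."""
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


def equal_error_threshold(genuine, impostor, thresholds) -> float:
    """Threshold where FRR and FAR are closest (the EER operating point)."""
    def gap(t):
        frr, far = error_rates(genuine, impostor, t)
        return abs(frr - far)
    return min(thresholds, key=gap)


def lockout_probability(frr: float, attempts: int) -> float:
    """Probability that a genuine user is rejected on every one of `attempts`
    tries, assuming independent tries. It is never zero unless FRR is zero,
    which in practice it is not: hence the backup authentication method."""
    return frr ** attempts


if __name__ == "__main__":
    print(f"FTE rate: {failure_to_enrol_rate(ENROLMENT):.2f}")
    for t, frr, far in sweep(GENUINE, IMPOSTOR, [0.5, 0.6, 0.7, 0.8]):
        print(f"threshold={t:.1f}  FRR={frr:.2f}  FAR={far:.2f}")
    t = equal_error_threshold(GENUINE, IMPOSTOR, [0.5, 0.6, 0.7, 0.8])
    frr, _ = error_rates(GENUINE, IMPOSTOR, t)
    print(f"EER point {t:.1f}; P(locked out after 3 tries) = {lockout_probability(frr, 3):.4f}")
```

On the constructed data, moving the threshold from 0.7 to 0.5 takes FRR from 0.2 to 0.0 (better usability) while FAR goes from 0.0 to 0.2 (worse security); no threshold gives both zero, which is the security-usability dilemma in one table.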
Usability (out of the ISO box)
Beyond ISO 9241-11
ASSESSING USE OF BIOMETRICS
When analysing usability of a real-world system, it is important to think
about tangible metrics and concrete points
Flexibility / Adaptability / Manageability /
Reconfigurability / Scalability / Sustainability / …
- Largely OK, as the sensors and software needed are mostly quite standard and well supported; less flexible compared with passwords, as the latter do not involve any (even minor) hardware or software issues; …
Resilience / Robustness / Recoverability / Fault Tolerance / …
- For some modalities it is impossible to recover from loss or failures (a compromised biometric cannot be replaced the way a password can) ⇒ one has to use a backup method;
More user authentication solutions TO THE SECURITY-USABILITY DILEMMA
- PASSWORD CHECKERS AND METERS
- PASSWORD MANAGERS
- Graphical passwords
- Other knowledge-based authentication
- Password policies
- Dynamic passwords (i.e., OTPs = one-time passwords)
- Hardware-based solutions
- Context-based authentication
- Risk-based authentication
- Multi-factor authentication
- Single sign-on (SSO)
Network security solutions TO THE SECURITY-USABILITY DILEMMA
- Security protocols (e.g., IPsec, DNSSEC, HTTPS)
- Email encryption
- VPNs
- Firewalls
- Network intrusion detection systems (IDSs)
- Honeypots
- Privacy-enhancing technologies (e.g., Tor)
- Spam and phishing email detectors
- Distributed ledgers (e.g., blockchains)
System security solutions TO THE SECURITY-USABILITY DILEMMA
- CAPTCHAs
- Digital certificates
- Different access control mechanisms
(Role-based access control, Sandboxing, Windows User Account Control (UAC))
- Anti-malware software
- Trusted computing techniques and tools
- Host-based IDS (HIDS)