Integrating Security and Usability into the Requirements and Design Process - Research Paper Example

Summary
The author of this paper under the title "Integrating Security and Usability into the Requirements and Design Process" thoroughly discusses that system usability and security seem not to get along well in various software development contexts. …

Security

1. Introduction

System usability and security seem not to get along well in various software development contexts. Some people hold that enhancing one negatively impacts the other, while others attribute this mismatch to the tendency of system implementers to handle security and usability issues as add-ons to completed systems. Similarly, other experts have attributed the trend to a conflict of interest between the end-users of a software system and the system owners. In this light, this paper discusses the security and usability design issues that pertain to a touch screen register used within the franchises of a large fast-food chain.

Design Analysis

The user interface design of the touch screen register has features that enable it to attain security. First, the new system enforces access controls by requiring that every cashier supply a matching user-id and password in order to log in to the register. This not only helps prevent illegitimate access to the register, but also provides a good avenue to introduce role-based authentication. Moreover, it becomes possible to associate a given cashier with a certain workstation and, in certain instances, with a certain workgroup. Second, the register's ability to lock after four unsuccessful login attempts is a good strategy to suppress the efforts of brute force attackers and malicious insiders who will constantly use trial and error in a bid to gain unauthorized access to the system. Further, the safety of the information stored therein is enhanced by the condition that only the managers can use a keycard to unlock the register following unsuccessful login attempts. Finally, unauthorized access is also prevented by the register's ability to lock if the screen is not touched for a period of three minutes.

The system also features certain security utilities that to some extent collide with usability.
First, the restriction that only the cashier who was authenticated before the system locked will be in a position to unlock it is a feature that prevents other end-users from performing malicious acts on other people's account profiles. Otherwise, new cashiers would need to restart the system. The tool also increases accountability whilst enhancing the system's intention to associate every action with a particular user (Wysocki, 2013). Second, though the condition that only the managers can unlock the registers after locks triggered by unsuccessful login attempts is a good feature to enhance system security, an increased number of unsuccessful login attempts could mean that the managers are left with limited time to execute their routine duties. Third, the idea that other cashiers can log in for cashiers who forget their login credentials is a big security hitch considering that it compromises accountability. In essence, permitting this authentication approach makes it more difficult to discern the cashier associated with an attempt to maliciously manipulate the data resident within the register. Fourth, the misleading user interface layout encourages entry of incorrect passwords. Finally, the system maintains a user session for a very long time even in instances of extended inactivity. The situation particularly breeds inconvenience when certain cashiers fail to log out after ending their shift or while on break. It then compels managers to restart the system if new users are to use the register. It is for these reasons that the managers raise complaints about the system.

Suggested Improvements

The improvements in the user interface design that could be crucial in enhancing system security whilst enhancing usability include the following.
First, the program code that relates to the user login interface should be structured in such a way that any instance of four unsuccessful login attempts makes the system restart automatically. Second, in view of the current system's potential to compromise accountability during use, the system should have a "forgot username or password" hyperlink on the user authentication interface to help cashiers who forget their user-id or password. Clicking on this link will redirect them to a new page that permits them to supply their email addresses, through which the system will provide the forgotten login credentials. In addition, the system should have a help button located in the top-right corner of the user interface. Clicking on the help button will give users access to help content, which will offer insight to stranded cashiers trying to solve authentication issues. Third, to save the managers the hassle of restarting the system whenever users fail to log out, the user interface could include a "restart button" that enables new users to terminate sessions initiated by previous users whilst restarting the system. In addition, the program code that relates to the user session should be structured in such a way that system inactivity that goes beyond 15 minutes automatically prompts a log out process without requiring a system restart, in readiness for use by another cashier. Finally, the new interface will include on-the-fly text hints whenever the cashiers focus on the user-id and password form fields. This will go a long way towards reducing entry of a wrong password or user-id. The new interface after the improvements suggested above would appear as shown below.

Fig 1.1: New system interface after the suggested improvements

2. Design Plan

Management plan for the local DMV system

Stage 1: Identify the problem or need

At this stage, the managers first raise all concerns that pertain to the use of the touch screen register. The design team then assesses the raised concerns, with a proper specification of how an improvement in the user interface would alleviate the raised issues. Identification of the problem plus assessment by the design team could take around two working days. This stage is useful in letting the cashiers and managers offer specifications that will go a long way in ensuring that the supplied specifications match the routine operations within the franchises (Phillips, 2004).

Stage 2: Research the problem or need

At this stage, the managers and the designers will look into the current condition of the problem at hand along with solutions that have been used in other usage scenarios that relate to the touch screen register. There is a need to allot time to the research, typically two weeks, considering that the research should give a long-lasting and practical solution to the complaints that managers raise during the problem identification stage. One of the utilities that would be of great help in the research endeavor is the Internet. The Internet can serve as a good place to trace present business cases that faced the same security and usability issues surrounding the touch screen register, along with the solutions that were adopted in an attempt to solve the identified cases (Sudhakar, 2010). On the same note, thorough research can help the design team ensure that the design approach followed when restructuring the user interface allows the system to remain relevant in the face of rapidly evolving security pitfalls and usability issues.

Stage 3: Develop Possible Options

At this stage, the design team is to explore every probable option, drawing from science and mathematics.
Additionally, the designers articulate all possible options in two or three dimensions. This stage can take about three days and can offer the designers an opportunity to strike a balance between the various user interface issues influencing the design choice.

Stage 4: Choose the Best Option

Following closely is the choice of the design approach that best responds to the concerns raised by the managers earlier on. At this stage, the designers determine the design approach that best matches the predefined franchise business specifications. Recognition of a design approach that matches the business needs can take just a single day, given that the designers will already be properly informed about the business needs and the probable design choices. This stage helps the design team to adopt a design choice that will fulfill most if not all business specifications. Typically, designers will attach more weight to whether the selected design approach drives the food chain towards its IT-oriented strategic goals, and to assessing whether implementing the changes suggested in the problem statement would be a realistic endeavor.

Stage 5: Develop a Prototype

At this stage, the design team models the chosen option in two or three dimensions. The prototype will offer the design team an insight into the possible success level of the design choice associated with the new user interface. This stage will take around two weeks because it might require the intervention of programmers and developers.

Stage 6: Test then Evaluate

At this stage, the design team tests whether the constructed prototype works and whether the prototype complies with the initial design constraints. This stage helps in recognizing any issues that might have been overlooked while selecting the design option that is viable for the touch screen register.
Testing alone can take just a single day because the test exercise will center on just a few functionalities added to the user interface in response to the complaints raised by the managers. On the other hand, evaluation will continue to take place as long as step 8 gets executed.

Stage 7: Communicate the developed solution

At this point, the design team makes an engineering presentation that includes a description of the way the adopted options or solutions meet the specifications of the original need, problem or development opportunity. This stage allows the design team to handle issues like the societal impact of the adopted solution. Advances in the available communication tools can allow the design team to convey the outcomes of the design project in half a day.

Stage 8: Redesign

This stage permits the design team to reconsider a previously made design choice. The stage is useful in tackling any overhaul that might have arisen during the business specification or the design testing stage. Arriving at a user interface for the touch screen register relies mainly on whether the managers feel satisfied with the changes in the user interface design (Westland, 2007). For this reason, the design process will continue as long as the managers do not find satisfaction in a new user interface.

Balancing Security and Usability

The touch screen register clearly emphasizes access security by requiring all cashiers to provide a user-id and password. At the same time, the system demonstrates efficiency in the user interface design by providing users with an interface through which they supply the login credentials in readiness for authentication. In its current state of operation, the managers are forced to restart the system whenever a previous user fails to log out, so as to allow the subsequent cashiers to log in.
In addition to enhancing security, this state fulfills one attribute that is commonplace among all end users of computer systems. System end-users have a strong urge to have their privacy protected. As such, security designers are often compelled to make design decisions that are in harmony with the urge of the end users to have their privacy protected. A number of applications fail because their designers often protect unnecessary or wrong things, or, if they protect the right things, do so in the wrong way. Numerous surveys reveal that security incidents within the software industry are on the rise, and this trend underscores the challenges of designing good security. According to Flechais, Mascolo & Sasse (2007), the latest approaches have tried to handle security issues from a technological aspect, with others using the aspect of human-computer interaction. The latter approach focuses on providing an improved user interface to enhance the usability of security mechanisms.

References

Flechais, I., Mascolo, C., & Sasse, M. A. (2007). Integrating security and usability into the requirements and design process. International Journal of Electronic Security and Digital Forensics, 1(1), 12-26.
Phillips, D. (2004). The software project manager's handbook: Principles that work at work. Los Alamitos, Calif: IEEE Computer Society [u.a.].
Sudhakar, G. P. (2010). Elements of software project management. New Delhi: PHI Learning Private Limited.
Westland, J. (2007). The project management lifecycle: A complete step-by-step methodology for initiating, planning, executing and closing a project successfully. London [etc.]: Kogan Page.
Wysocki, R. K. (2013). Effective software project management. Hoboken, N.J: Wiley.
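
The lock rules from the Design Analysis (four failed logins, manager keycard unlock, a three-minute screen lock that only the same cashier can clear) combined with the suggested 15-minute automatic logout, modeled as a small state machine. This is an added example, not part of the original paper; the `Register` class, its method names and the sample credentials are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Optional

MAX_FAILED_LOGINS = 4       # register locks after four unsuccessful logins
SCREEN_LOCK_SECS = 3 * 60   # screen locks after three minutes without a touch
AUTO_LOGOUT_SECS = 15 * 60  # suggested improvement: log out after 15 minutes idle

class State(Enum):
    LOGGED_OUT = "logged_out"
    ACTIVE = "active"
    SCREEN_LOCKED = "screen_locked"  # only the same cashier may unlock
    LOCKED_OUT = "locked_out"        # only a manager keycard unlocks

@dataclass
class Register:
    credentials: dict  # user-id -> password (constructed sample; real systems store salted hashes)
    state: State = State.LOGGED_OUT
    cashier: Optional[str] = None
    failures: int = 0
    last_touch: float = 0.0

    def _expire(self, now: float) -> None:
        # Apply the idle timers before handling any event.
        if self.state not in (State.ACTIVE, State.SCREEN_LOCKED):
            return
        idle = now - self.last_touch
        if idle >= AUTO_LOGOUT_SECS:
            self.state, self.cashier = State.LOGGED_OUT, None
        elif idle >= SCREEN_LOCK_SECS:
            self.state = State.SCREEN_LOCKED

    def touch(self, now: float) -> State:
        self._expire(now)
        if self.state is State.ACTIVE:
            self.last_touch = now
        return self.state

    def login(self, user: str, password: str, now: float) -> bool:
        self._expire(now)
        if self.state in (State.LOCKED_OUT, State.ACTIVE):
            return False  # needs a manager keycard, or the register is in use
        if self.state is State.SCREEN_LOCKED and user != self.cashier:
            return False  # another cashier cannot take over a locked session
        expected = self.credentials.get(user)
        if expected is not None and hmac.compare_digest(expected.encode(), password.encode()):
            self.state, self.cashier = State.ACTIVE, user
            self.failures, self.last_touch = 0, now
            return True
        self.failures += 1
        if self.failures >= MAX_FAILED_LOGINS:
            self.state, self.cashier = State.LOCKED_OUT, None
        return False

    def manager_unlock(self, keycard_valid: bool) -> bool:
        if self.state is State.LOCKED_OUT and keycard_valid:
            self.state, self.failures = State.LOGGED_OUT, 0
            return True
        return False
```

With the automatic logout in place, a forgotten session ends on its own after 15 idle minutes, so the next cashier can log in without a manager restarting the register.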