The law of least resistance

As folk who heard me speak at Financial Crypto this year know, I am currently trying to develop laws of security usability. We have a significant quantity of raw information concerning usability of particular systems but few attempts to systematize and generalize from these data points to develop actionable design rules for designing usable systems.

As more details of the Societe Generale incident emerge, it begins to look like a usability problem. Dominic O'Connor at the Register presents an all too credible explanation of how the disaster might well have occurred: controls were in place that should have detected the issue, and may well have done so, but it appears that the usability of those systems was flawed. The managers followed the path of least resistance.
