Technology-Lawyer

Dennis Kennedy

Technology Law and Legal Technology. Dennis Kennedy is one of the few technology lawyers who is also an expert on the underlying technologies. Dennis an award-winning leader in the application of technology and the Internet to the practice of law. DennisKennedy.com gives you access to a wide variety of Dennis Kennedy's resources on legal technology, his writings, his well-known blog, DennisKennedy.Blog, and information about how you can have Dennis speak to your organization or group.

Dennis Kennedy is one of the most knowledgeable legal technologists you will find. - Michael Arkfeld.

Dennis Kennedy, a lawyer and legal technology expert in St. Louis, Mo., has been a significant influence in the ever-evolving relationship between lawyers and the Web. - Robert Ambrogi

Garfinkel on Computer Security – Keep It Simple

Simson Garfinkel’s “Keep It Simple” article on CSOOnline.com does a nice job of laying out one of the fundamental issues of computer security – how do you balance security against usability.
Garfinkel says:
“If you’re not thoughtful about your approach to balancing computer security with computer usability, you may end up with neither.”
Amen.
He also notes that a few new developments are helping out us users. “Today, features like file encryption and disk sanitization are built directly into applications and operating systems. The result is that using cryptography to protect a document is now much easier.”
Garfinkel advocates something he calls “secure usability”:
“A good user interface sitting atop a strong security substrate is a good start, but it’s still not enough to create applications where security and usability go hand-in-hand. That extra step?something I call “secure usability”?comes from a user interface that guides the user to secure practices by making other practices difficult or impossible.”
His conclusion is definitely worth spending some time to think about.
“I believe that we can ultimately resolve many of the apparent conflicts between security and usability in a way that addresses both concerns. In the case of passwords, the answer would be to use fairly short passwords but to constantly monitor users’ behavior to see if they do anything out of the ordinary. If a salesman, for instance, starts trying to download secret plans for an unannounced product, I would want that salesman stopped?even if he authenticated using a password, a smart card and an iris scanner. The balance between security and usability should be fluid, not fixed.”
We, the users, have already shown over and over again that we need to be protected against ourselves when it comes to security. I think that Garfinkel may be on to something that will actually work in most situations. As they say, however, the devil will be in th details.

Permalink: Garfinkel on Computer Security – Keep It Simple

Comments are closed.

Dennis on the Web

Archives

Attorney Lawyer website design for Law Firms
Spry New Media Quality custom web site design, development and promotional services for Attorneys and Law Firms.