Protecting You

January/February 2014


Usable security is often seen as simply an enabler of good security behavior: if the actions required aren't too difficult or effortful, users will carry them out. But human-centered design of security means enabling users to make informed security choices. First, their preferred choice needs to be available. Authors of privacy policies should take note here, and service providers need to manage their security issues without burdening legitimate customers (solving CAPTCHAs to prove you are human isn't something a customer would choose to do, ever). Second, we need to accept that users sometimes choose to take risks. Protecting users means giving them an accurate understanding of possible consequences, and the likelihood of them occurring.

About IEEE Security & Privacy

IEEE Security & Privacy magazine provides articles with both a practical and research bent by the top thinkers in the field along with case studies, tutorials, columns, and in-depth interviews and podcasts for the information security industry.

Articles from IEEE Security & Privacy

E-biobanking: What Have You Done to My Cell Samples?

The rise in biobanking (collecting and storing human biological material) has increased the need to store large quantities of related data and make that data available to researchers and others. However, this introduces concerns regarding data security and dependability. The BiobankCloud project is developing technology to help create e-biobanking ecosystems based on a secure, dependable private-public "cloud of clouds" accessed through platform-as-a-service interfaces.

Highlights from Making Sense of Snowden, Part II: What's Significant in the NSA Revelations

Susan Landau gives an update and analysis on the impact of Edward Snowden's initial leak of documents. The article summarizes what we know and also offers references that might prove useful in helping you come to your own conclusions about the leaks' import and impact.


Arguing that it's time to give up on elaborate password rules, Google Vice President of Security Eric Grosse and engineer Mayank Upadhyay present a better way to achieve stronger user identification.


Podcast: Silver Bullet


Ming Chow
Gary chats with Ming Chow, lecturer at Tufts University School of Engineering's Department of Computer Science. They discuss whether it's better to start with security people or with people who already know how to code when building new software security professionals. They also talk about what developers currently think of software security, what would make developers more likely to take security seriously, and how Ming uses games to teach security to his students. They close out their chat with talk of obscure and not-so-obscure music.