Join for Free
Log In

Arts and Humanities
Business
Computer Science
Data Science
Information Technology
Health
Math and Logic
Personal Development
Physical Science and Engineering
Social Sciences
Language Learning
Degrees
Certificates

Explore all of Coursera

Browse
Search
For Enterprise
Log In
Join for Free

Interview: Phishing

Loading...

Usable Security

University of Maryland, College Park

4.5 (1,566 ratings) | 38K Students Enrolled

Course 1 of 5 in the Cybersecurity Specialization

This course focuses on how to design and build secure systems with a human-centric focus. We will look at basic principles of human-computer interaction, and apply these insights to the design of secure systems with the goal of developing security measures that respect human performance and their goals within a system.

Skills You'll Learn

Cybersecurity, Usability, Privacy, User Interface

Reviews

4.5 (1,566 ratings)

5 stars
1,029 ratings
4 stars
406 ratings
3 stars
78 ratings
2 stars
24 ratings
1 star
29 ratings

KM

Jul 15, 2018

It gave me a broader scope in terms of developing a process or a system. It taught me that designing usability and security must come during the early stages of design instead of an after thought.

MM

Sep 22, 2017

I am really happy to join this perfect course . i want to continue in this course and i will every time of my life to learn many things . specially from the Coursera community thank you very much.

From the lesson

Week 3

Evaluation: usability studies, A/B testing, quantitative and qualitative evaluation, cybersecurity case study

Qualitative Evaluation15:46

Running Controlled Experiments11:56

Usability Studies16:45

A/B Testing15:44

Case Study: Phishing Email - paper discussion8:17

Interview: Phishing3:35

Taught By

Jennifer Golbeck
Director

Transcript

[SOUND] Now we're going to continue our interview with Lorrie Cranor and

talk about the phishing paper and other general lessons in usable security.

>> Yeah so, so that paper.

[LAUGH], that's an oldy but a goody.

[LAUGH] Got great a while ago.

I, I think by the time we got to doing that study I think we had

a pretty good idea that that we were going to see a lot of people falling for

these attacks and we had a good idea that Internet Explorer was particularly bad.

and, and the, the data bore that out.

I think the surprising thing for us was why people were falling for things.

And I think you know,

one of, one of the most surprising points which I think we described in the paper

was the anecdote where we saw people who would get the warning in the browser,

close the browser, go back to their email, click on it again.

Again. Go back to the browser,

close the browser and repeat this like eight time.

And clearly they had a mental model that wasn't matching our mental model.

because this made no sense to us.

And then when we asked them about it and it was more than one person who did this,

you know, they, they basically it became clear that, that the, the browser

warning was informing them that there was something wrong with the website.

And in their mind that had nothing to do with the email.

The, the email was fine,

you know there was just something wrong with the website so obviously if

you go back to the email and click again, maybe the problem will clear up.

and, and that they really had no idea of what,

what the browser warning was really trying to communicate to them.

Yeah, well I, I, I think I mean,

it does speak to the importance of observing users and doing user studies.

And, you know, realizing that users don't think the way you do.

[LAUGH] You know, you're not your users and, and

so I think every time we do a study like this, we do have these surprising things

that if we'd only talked to ourselves we would have never, have figured out.

And, and it really is important to, to talk to a wider group and

not just people like you.

So, so I think to improve the usability and

security of systems it's, it's really important to

think systematically about how users are going to interact with the systems.

And I think you want to go through from the beginning,

what is the first thing you're asking your user to do?

When do they do it?

How do they do it?

You know, walk through the whole process write down all the steps.

And I think when you do that you'll start to see in many systems,

wow there are a lot of steps here.

And I think then you can start looking at those steps and saying well, are,

are these all steps that are really necessary to have the end user do,

you know is there stuff that we can automate and

just have the system do automatically and not ask the user to do it.

And which are the things that,

yes it's really important to have a live human being doing.

And can we make those as pain free as possible and

as clear as possible so that the human is likely to actually,

do them properly and maintain the security of the system.

Explore our Catalog

Join for free and get personalized recommendations, updates and offers.

Coursera provides universal access to the world’s best education, partnering with top universities and organizations to offer courses online.

© 2019 Coursera Inc. All rights reserved.

Download on the App Store

Get it on Google Play

Coursera
About
Leadership
Careers
Catalog
Certificates
MasterTrack™ Certificates
Degrees
For Enterprise
For Government

Community
Learners
Partners
Developers
Beta Testers
Translators

Connect
Blog
Facebook
LinkedIn
Twitter
Instagram
YouTube
Tech Blog

More
Terms
Privacy
Help
Accessibility
Press
Contact
Directory
Affiliates