Speaker: Scott Miller, Section Head-Development Section, Department of Safeguards (IAEA) Security decisions are often done without considering the end-user impact. Will a security procedure be followed by an end-user or in the interest of time and effort will it be avoided? Should our effort be on motivating end-users to follow security procedures? Or can we improve the user experience to support good security habits? How do we get security professional and designers working toward a common goal? This talk will try to answer some of these questions.

1. Can Security and User Experience
coexist?
SCOTT MILLER | ROX CONFERENCE |
NOVEMBER 9 2017

2. 2
Tailgating
Can’t comply
Something went wrong
Solution:
• Monitoring
• Design for change

3. 3
Phishing
Could comply but
No clear reason to comply
Solution:
• Training
• Accountability
• Monitoring
• Culture

4. 4
Passwords
Could comply
But the cost of compliance is too high
Solution:
• Human Factors
• Design + Security in balance
• Monitoring

5. Take Away
Design Transparent Compliance
Verify Expected Behavior
Design for change
Train when appropriate