Practitioner’s view – Diversity in cybersecurity design

The practitioner’s view on diversity in cybersecurity design highlights several critical aspects related to user experience and inclusivity:

  1. Universal User vs. Diverse Users: The idea that there is no single “universal user” is central to inclusive cybersecurity design. Systems must accommodate a wide range of users, including those with varying levels of experience and abilities. For instance, older individuals who may not have used computers extensively or those with cognitive or vision difficulties need to be considered when designing systems. This perspective challenges the assumption that a one-size-fits-all approach will suffice.
  2. Capabilities Approach: The “capability approach,” discussed by Renaud and Chowdhury, emphasizes that systems should be designed based on the capabilities of potential users. This means identifying the skills and resources users must have to effectively use a system and acknowledging who might be excluded due to lack of these capabilities.
  3. Accessibility Issues: Accessibility should be a fundamental consideration in system design. For example, it is crucial that systems are usable by people with different abilities and that alternative options exist for those who cannot use certain features, such as a webcam for verification processes.
  4. User Experience and Inclusivity: The design should consider diverse user experiences. For instance, a senior citizen fearing data loss when making backups highlights the need for clear instructions and reassurance about how features work. Design should not only focus on technical usability but also address emotional and psychological barriers.
  5. Hidden Accessibility Features: The discussion points out that some accessibility features, like those available on iPhones, can improve security and usability but are often not well-publicized. Making these features more visible and integrated into the design can enhance overall user experience.
  6. Legal and Practical Considerations: While accessibility is legally mandated, practical application often falls short. Usability testing has improved, but there is a need to also address non-disability-related disadvantages such as socioeconomic status, which can impact access to necessary technology.

Reference:

  • Renaud, K., & Chowdhury, P.D. (2023). “‘Ought’ should not assume ‘can’? Basic capabilities in cybersecurity to ground Sen’s capability approach.” In Proceedings of the 2023 New Security Paradigms Workshop, pp. 76–91.

Optional Reference:

  • Schauberger, U. (2023). “Universal Barriers to Access.”
