Speaker: Todd Inskeep, Bank of America.
Title: Roots of Trusted Interfaces and the User Experience
Addressing the problems associated with trustworthy interfaces requires us to remember what trustworthy means, why trust is so difficult, and what a user experience needs to look like. Starting with an original RAND report from the late 1960s and a brief look at the Orange Book and Common Criteria, I'd like to set the stage for considering the trust issue that occurs when solutions look like "we'll run this application that does something" on top of an untrustworthy system. Untrustworthy? Yes, because of real user behavior AND'ed with Microsoft's 10 Immutable Laws of Security. This discussion will conclude with a review of the user requirements a typical banking system faces for real users and their experience in using online authentication.
Todd Inskeep has over 18 years of Information Security experience ranging from secure radio and desktop systems to Security Architecture and Infrastructure at Bank of America. He's a CISSP with a Master's in Strategic Intelligence, currently leading various architecture projects within Bank of America's Information Security group. He also teaches security & risk management part-time at the University of North Carolina at Charlotte's NSA-Designated Center of Excellence in Information Assurance. Currently, Todd is focused on the bank's security architecture and strategy for authentication systems.