Speaker: Todd Inskeep, Bank of America.
Title: Roots of Trusted Interfaces and the User Experience
Abstract:
Addressing the problems associated with trustworthy interfaces
requires us to remember what trustworthy means, why the trust is so
difficult, and what a user experience needs to look like. Starting
with an original Rand report from the late 1960's and a brief look at
Orange Book and Common Criteria, I'd like to set the stage for
considering the trust issue that occurs when solutions look like
"we'll run this application that does..." something on top of an
untrustworthy system. Untrustworthy? - Yes, because of real user
behavior AND'ed with Microsoft's 10 Immutable Laws of Security. This
discussion will conclude with a review of the user requirements a
typical banking system faces for real users and their experience in
using online authentication.
Biography:
Todd Inskeep has over 18 years of Information Security experience
ranging from secure radio and desktop systems to Security Architecture
and Infrastructure at Bank of America. He's a CISSP with a Master's
in Strategic Intelligence currently leading various architecture
projects within Bank of America's Information Security group. He also
teaches security & risk management part-time at the University of
North Carolina at Charlotte's NSA-Designated Center of Excellence in
Information Assurance. Currently Todd is focused on the bank's
security architecture and strategy for authentication systems.