Patterns
- Active Warnings
- Attractive Options
- Complete Delete
- Conveying Threats & Consequences
- Create a Security Lexicon
- Create Keys When Needed
- Delayed Unrecoverable Action
- Detailed Notifications About Security
- Direct Access to UI Components
- Disable by Default
- Disable of Services
- Disclose Significant Deviations
- Distinguish Between Run and Open
- Distinguish Internal Senders
- Distinguish Security Levels
- Email-Based Identification and Authentication
- Explicit Item Delete
- Explicit User Audit
- Failing Safely
- General Notifications About Security
- Immediate Notifications
- Immediate Options
- Indirect Access to UI Components
- Informative Dialogues
- Install Before Execute
- Key Continuity Management
- Levels of Severity
- Leverage Existing Identification
- Localization of Specific Areas
- Migrate and Backup Keys
- Noticeable Contextual Indicators
- Providing Recommendations
- Quick Description of UI Components
- Redundant Notifications
- Reset to Installation
- Restricted Areas Notification
- Security Features Used by the System
- Security Features Used by the User
- Send S/MIME-Signed Email
- Separating Content
- Sequential Access to UI Components
- Suggestive Dialogues
- System’s Security Tasks
- The Absence of Indicators
- Track Received Keys
- Track Recipients
- Warn When Unsafe
Patterns are based on scientific sources.
Usable Security Pattern - Distinguish Security Levels
Luigi Lo Iacono, Peter Nehren
December 21, 2015
Distinguish Security Levels
| Name | Distinguish Security Levels |
| Sources | (Garfinkel, 2005) |
| Synonyms | None |
| Context | Users can only make informed decisions about security if they are in fact informed. |
| Problem | How to distinguish security levels? |
| Solution | Give the user a simple way to distinguish between similar operations that are more-secure and less-secure. The visual indications should be consistent across products, packages and vendors. |
| Examples | The SSL lock icon; the icons to indicate if email is signed or encrypted. The Windows Security Center indicates if anti-virus protection is enabled or not.  Source: (Garfinkel, 2005) |
| Implementation | Web browsers display a lock icon when a web page is received over SSL. (They should also indicate if data sent back to the server will be sent over an encrypted channel.) Email clients can indicate whether or not mail is downloaded using SSL. |
| Consequences | The user can readily determine whether or not security features are enabled. |
| Dependencies | None |
| Relationships | [Detailed Notifications about Security] |
| Principles | [Identifiability] [Consistent Controls and Placement] |
| Guidelines | None |
| Check lists | None |
| Use cases | None |
| Tags | Distinguish Security Levels, Detailed Notifications about Security, Self-descriptiveness |
| Log history | [12/21/2015]: Added to repository |
References
Garfinkel, S.L., 2005. Design principles and patterns for computer systems that are simultaneously secure and usable (PhD thesis). Massachusetts Institute of Technology.