LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

Select Accept to consent or Reject to decline non-essential cookies for this use. You can update your choices at any time in your settings.

Start free trial Sign in

From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Unlock the full course today

Join today to access over 24,100 courses taught by industry experts.

Psychological acceptability

Psychological acceptability

From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Start my 1-month free trial Buy for my team

Psychological acceptability

“

- [Presenter] The more you learn about application security, the more tempted you may be to rush out and implement each and every security control in your toolkit. Please, I am begging you do not do this. Now, I bet you're thinking, "Well, wait a minute, Jared. I thought the whole point behind learning this stuff was so we could start using it?" Yes, that is absolutely true, but too much security will frustrate your users, which can also have a negative impact on the security of your application. You should approach security with psychological acceptability in mind. Look at your application from an end user's point of view. Now, they may not fully understand why you put a certain control in place. In their eyes, that one control might be slowing them down. Maybe it's just making it harder for them to do their job. And what do you think a user will do when they bump up against an obstacle like this? Yes, that's right. They will find a way around it. In the medical profession, the…

Contents