Usability

Usability testing and analysis help bridge the gap between a solution that meets a set of requirements and a solution that meets the needs of the organization, people, and processes. Meeting usability objectives is the distinction between a solution that people want to use (i.e., meets a set of requirements and usability needs) and one they don’t (i.e., solely meets a set of requirements).

Users will attempt to reduce friction in completing their desired task. A poorly designed user experience will result in users finding workarounds, often circumventing well-intentioned security controls. For a product to achieve the risk mitigation intended by the security requirements, it must integrate usability principles with security controls. An organization’s maturity in implementing usability is therefore critical to its security outcomes.

| Usability Maturity Levels | Quality Criteria | Required Activity |
| --- | --- | --- |
| Level 0 | | |
| Level 1: formally established feedback loops with customers | Established processes for receiving feedback from customers and incorporating that feedback into the product | Incorporation of feedback into products for: All major releases (partial credit); All updates involving user-facing functionality (full credit); Other (no credit) |
| Level 2: deploy enhanced feedback capabilities | Interview users, accept feedback directly through the product, collect logs and analytics through the product, or other similar approaches; from these, product form reports on findings and plans for incorporating feedback | Use commercial software, OS-specific features, and personas and scenarios for: Most major releases (partial credit); All significant changes to user interface functionality (full credit); Other (no credit) |
| Level 3: formal usability testing and analysis program | Conduct formal research on the business processes and users’ behaviors, and conduct usability studies with users interacting with a prototype or version of the software solution. | Conduct formal usability testing and integrate results for: Most major releases (partial credit); All significant changes to user interface functionality (full credit); Other (no credit) |