Usability
Usability testing and analysis help bridge the gap between a solution that meets a set of requirements and a solution that meets the needs of the organization, people, and processes. Meeting usability objectives is the distinction between a solution that people want to use (i.e., one that meets a set of requirements and usability needs) and one they don’t (i.e., one that solely meets a set of requirements).
Users will attempt to reduce friction in completing their desired task. A poorly designed user experience will result in users finding workarounds, often circumventing well-intentioned security controls. For a product to achieve the risk mitigation intended by the security requirements, it must integrate usability principles with security controls. An organization’s maturity in implementing usability is therefore critical to its security outcomes.
Usability Maturity Levels | Quality Criteria | Required Activity |
---|---|---|
Level 0 | | |
Level 1: formally established feedback loops with customers | Established processes for receiving feedback from customers and incorporating that feedback into the product | Incorporation of feedback into products for: |
Level 2: deploy enhanced feedback capabilities | Interview users, accept feedback directly through the product, collect logs and analytics through the product, or other similar approaches; from these, product form reports on findings and plans for incorporating feedback | Use commercial software, OS-specific features, and personas and scenarios for: |
Level 3: formal usability testing and analysis program | Formal research on the business processes and users’ behaviors, and conduct usability studies with users interacting with a prototype or version of the software solution. | Conduct formal usability testing and integrate results for: |