INFO2222 · Computing 2 Usability and Security
Usability and Security: The Two Pillars
Week 1 frames the whole unit: professional computing systems must be both usable and secure, and the two goals can pull against each other. This foundation — the six usability goals, the CIA triad, and the idea of a system model and a threat model — is sampled directly in the early in-class quizzes and reappears as recall-and-apply items in the 50% final exam, which weights the usability and security halves roughly equally.
What this chapter covers
- 01User interface, usability (Nielsen) and HCI as the field; why a bad UI is costly (Three Mile Island indicator lesson)
- 02Good vs poor design and affordances — the 'Norman Door' as a canonical bad-signifier example
- 03The six usability goals: effectiveness, efficiency, safety, utility, learnability, memorability — and that they trade off
- 04User experience (UX) as the felt quality of use, distinct from (but overlapping) usability
- 05User-Centred Design at a glance: Requirements → Design → Prototyping → Evaluation, iterating with the user central
- 06The CIA triad — confidentiality, integrity, availability — as the core security properties
- 07Threat-identification and risk models by name: STRIDE (spoofing/tampering/repudiation/info-disclosure/DoS/elevation) and DREAD
- 08Usability and security together: systems must stay secure even when a UI misleads a stressed or careless user (Bybit case)
Classify design and security requirements for a banking app
- +1(1) 'Complete a transfer without a manual' is about how easily a new user picks the system up on first use — this is the usability goal of learnability. (Do not confuse it with memorability, which is about remembering the system after a break.)
- +1(2) 'The balance must not change without an authorised transaction' means data cannot be altered undetectably or without authority — this is the integrity property of the CIA triad, not confidentiality.
- +1(3) 'Confirm before permanently deleting' protects the user from a damaging, irreversible action — this is the usability goal of safety (guarding against dangerous or unwanted states).
- +1(4) 'Only the account holder can view their history' restricts access to data to authorised parties — this is the confidentiality property of the CIA triad.
Key terms
- Usability
- A quality attribute measuring how easy a user interface is to use (Nielsen); also the set of methods for improving ease of use during design. Studied within the wider field of Human-Computer Interaction (HCI).
- Affordance / signifier
- An affordance is a possible action an object suggests; a signifier is the cue that reveals it. A 'Norman Door' gives the wrong signifier (a pull-handle on a push door), a classic poor-design example from Norman's Design of Everyday Things.
- The six usability goals
- Effectiveness, efficiency, safety, utility, learnability and memorability — the measurable qualities of a good interface. They cannot all be maximised together, so designers prioritise and trade off.
- User experience (UX)
- The subjective, felt quality of using a product — whether it is satisfying, engaging, fun or, negatively, frustrating or patronising. Distinct from usability: usability is about effectiveness and efficiency, UX about how the whole experience feels.
- CIA triad
- The three fundamental security properties: Confidentiality (data seen only by authorised parties), Integrity (data not altered undetectably), Availability (system remains usable by legitimate users).
- STRIDE / DREAD
- Named security models. STRIDE identifies threat types — Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege. DREAD scores threat risk — Damage, Reproducibility, Exploitability, Affected users, Discoverability.
Usability and Security: The Two Pillars FAQ
Why does INFO2222 teach usability and security together?
Because real systems must be both, and the goals often conflict — a heavily locked-down interface can become unusable, while a friendly one can invite mistakes. The unit's running example is that a secure system must not let a misleading UI cause a person to authorise something harmful (the Bybit incident, where approvers trusted a UI display instead of verifying what they were signing). Learning both halves lets you reason about the trade-off rather than optimising one pillar and breaking the other.
What is the difference between a usability goal and a UX goal?
Usability goals are measurable qualities of the interface — effectiveness, efficiency, safety, utility, learnability, memorability. UX goals describe how using the product feels — engaging, satisfying, fun, or on the bad side boring or frustrating. 'Easy to learn' is learnability (a usability goal); 'enjoyable to use' is a UX goal. The exam likes to test this boundary and the learnability-vs-memorability pair.
Do I need to memorise STRIDE and DREAD in detail?
You should recognise them and know what each is for — STRIDE is a threat-identification model, DREAD a risk-assessment model — and be able to expand the acronyms. The unit's emphasis is on reasoning about a system model and a threat model case by case rather than reciting a checklist, so understand why you would use each rather than drilling their letters in isolation. Confirm the examinable depth in the Week 12 revision material on Canvas.
Can AI help me learn the Week 1 foundations for INFO2222?
Yes, as a study aid. Sia can quiz you on the six usability goals, drill the usability-vs-UX and confidentiality-vs-integrity distinctions, and explain why an interface failure (like a status light showing the commanded rather than the actual state) is a design problem. Use it to rehearse and check your reasoning; it does not complete graded quizzes or project work for you, and the University of Sydney academic-integrity policy applies.
Exam move
Week 1 is vocabulary that everything else reuses, so lock it down early. Make a flashcard for each of the six usability goals with a one-line example, and a second set for the CIA triad, so you can classify a statement instantly under exam time pressure. Practise the boundaries the exam exploits: learnability vs memorability, usability goal vs UX goal, integrity vs confidentiality. Learn the two motivating failures as one-line lessons — indicators must reflect true system state (Three Mile Island); a secure system must not let a misleading UI trigger a harmful authorisation (Bybit). Because this content seeds the early in-class quizzes and returns as easy recall marks on the final exam, a little steady revision here is high-value. Confirm the exam's scope on Canvas.
Working through Usability and Security: The Two Pillars in INFO2222? Sia is AskSia’s AI Computer Science tutor — ask any INFO2222 Usability and Security: The Two Pillars question and get a clear, step-by-step explanation grounded in how INFO2222 is taught and assessed. Read this chapter free, then take your hardest questions to Sia.