Human, organizational, and technological factors of IT security

Conference on Human Factors in Computing Systems - Proceedings

Volumn , Issue , 2008, Pages 3639-3644

  Hawkey, Kirstie ^a   Botta, David ^a   Werlinger, Rodrigo ^a   Muldner, Kasia ^a   Gagne, Andre ^a   Beznosov, Konstantin ^a  

^a UNIVERSITY OF BRITISH COLUMBIA   (Canada)

Author keywords

Human factors; IT security; Organizational factors; Qualitative research; Technological factors

Indexed keywords

HUMAN ENGINEERING; INDUSTRIAL MANAGEMENT; PROJECT MANAGEMENT; SECURITY SYSTEMS;

HUMAN FACTORS; IT SECURITY; ORGANIZATIONAL FACTORS; QUALITATIVE RESEARCH; TECHNOLOGICAL FACTORS;

COMPUTER SYSTEMS;

EID: 57049127094     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1358628.1358905     Document Type: Conference Paper

References (15)

1. Botta, D., Werlinger, R., Gagne, A., Beznosov, K., Iverson, L., Fels, S., and Fisher, B. Towards Understanding IT Security Professionals and Their Tools. Proc. of Symposium on Usable Privacy and Security (SOUPS). ACM. (2007). 100-111.
2. Busby, J.S., Error and distributed cognition in design. Design Studies, (2001). 22: 233-254.
3. Flechais, I. and Sasse, M.A., Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-Science. Int. J. Human-Computer Studies, (2007): doi:10.1016/j.ijhcs.2007.10.002.
4. Haber, E. and Kandogan, E. Security Administrators: A Breed Apart. Proc. of Workshop on Usable IT Security Management, SOUPS 2007. (2007).
5. Kandogan, E. and Haber, E.M., Security administration tools and practices., in Security and Usability: Designing Secure Systems that People Can Use, L. F. Cranor and Garfinkel, S., Editors. 2005, O'Reilly Media, Inc.: Sebastapol. 357-378.
6. Kankanhalli, A., Teo, H.-H., Tan, B.C.Y., and Wei, K.-K., An integrative study of information systems security effectiveness. Int. J. Information Management, (2003). 23(2): 139-154.
7. Killcrece, G., Kossakowski, K.P., Ruefle, R., and Zajicek, M., Organizational models for computer security incident response teams (CSIRTS). (2003): CMU/SEI-2003-HB-001 ADA421684: http://www.sei.cmu.edu/ publications/documents/03.reports/03hb001.html.
8. Killcrece, G., Kossakowski, K.P., Ruefle, R., and Zajicek, M., Incident Management. (2005): buildsecurityin.us-cert.gov/daisy/bsl/ articles/best-practices/incident/223.html.
9. Knapp, K.J., Marshall, T.E., Rainer, R.K., and Ford, F.N., Managerial dimensions in information security: A theoretical model of organizational effectiveness. (2005): www.isc2.org/download/auburnstudy2005.pdf.
10. Kotulic, A.G. and Clark, J.G., Why there aren't more information security research studies. Information & Management, (2004). 41(5): 597-607.
11. Rayford, R.H., B. Vaughn, J., and Fox, K., An empirical study of industrial security-engineering practices. J. of Systems and Software, (2001). 61: 225-232.
12. Redish, J., Expanding usability testing to evaluate complex systems. J. Of Usability Studies, (2007). 2(3): 102-111.
13. Siegel, D.A., Reid, B., and Dray, S.M., IT Security: Protecting Organizations in Spite of Themselves. Interactions, (2006). 13(3): 20-27.
14. Werlinger, R. and Botta, D. Detecting, analyzing, and responding to security incidents: A qualitative analysis. Proc. of Workshop on Usable IT Security Management (USM), SOUPS 2007. (2007).
15. Werlinger, R., Hawkey, K., and Beznosov, K. Security Practitioners in Context: Their Activities and Interactions. Proc. of Ext. Abstracts of CHI 2008. ACM. (In press).