Guidelines for designing IT security management tools

Proceedings of the 2nd ACM Symposium on Computer Human Interaction for Management of Information Technology, CHiMiT '08

Volumn , Issue , 2007, Pages

  Jaferian, Pooya ^a   Botta, David ^a   Raja, Fahimeh ^a   Hawkey, Kirstie ^a   Beznosov, Konstantin ^a  

^a UNIVERSITY OF BRITISH COLUMBIA   (Canada)

Author keywords

Design; Human factors; Security management

Indexed keywords

DESIGN GUIDELINES; HUMAN FACTORS; IT SECURITY; SECURITY MANAGEMENT; SECURITY PRACTITIONERS;

HUMAN COMPUTER INTERACTION; HUMAN ENGINEERING; INDUSTRIAL MANAGEMENT; SECURITY SYSTEMS;

INFORMATION TECHNOLOGY;

EID: 70350697857     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1477973.1477983     Document Type: Conference Paper

References (49)

1. K. Abdullah, C. Lee, G. Conti, J. A. Copeland, and J. Stasko. IDS RainStorm: Visualizing ids alarms. In VIZSEC '05: Proceedings of the IEEE Workshops on Visualization for Computer Security, pages 1-10, Minneapolis, MN, USA, 2005. IEEE Computer Society.
2. P. A. A. Amanda Jane Coffey. Making Sense of Qualitative Data: Complementary Research Strategies. SAGE Publications, 1996.
3. C. Andrew. The ve ps of patch management: Is there a simple way for businesses to develop and deploy an advanced security patch management strategy? Computers & Security, 24(5):362-363, 8 2005.
4. M. Q. W. Baldonado, A. Woodruff, and A. Kuchinsky. Guidelines for using multiple views in information. In AVI '00: Proceedings of the working conference on Advanced visual interfaces, pages 110-119, Palermo, Italy, 2000. ACM.
5. R. Ball, G. A. Fink, and C. North. Home-centric visualization of network traffic for security administration. In VizSEC/DMSEC '04: Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, pages 55-64, Fairfax, VA, USA, 2004. ACM.
6. R. Barrett, P. P. Maglio, E. Kandogan, and J. Bailey. Usable autonomic computing systems: The system administratorsṕerspective. Advanced Engineering Informatics, 19(3):213-221, 2005.
7. R. Barrett, M. Prabaker, and L. Takayama. Field Studies of Computer System Administrators: Analysis of System Management Tools and Practices. In CSCW '04, pages 388-395, Chicago, IL, USA, 2004.
8. B. Beal. IT security: the product vendor landscape. Network Security, 2005(5):9-10, 5 2005.
9. D. Botta, R. Werlinger, A. Gagné, K. Beznosov, L. Iverson, S. Fels, and B. Fisher. Towards understanding IT security professionals and their tools. In SOUPS '07: Proceedings of the 2007 Symposium On Usable Privacy and Security, pages 100-111, Pittsburgh, Pennsylvania, July 18-20 2007. ACM.
10. C. M. Burns, J. Kuo, and S. Ng. Ecological interface design: a new approach for visualizing network management. Comput. Netw., 43(3):369-388, 2003.
11. K. Charmaz. Constructing Grounded Theory. SAGE publications, 2006.
12. S. Chiasson, P. C. van Oorschot, and R. Biddle. Even experts deserve usable security: Design guidelines for security management systems. In SOUPS Workshop on Usable IT Security Management (USM), Pittsburgh, PA, July 2007.
13. J. W. Creswell. Qualitative Inquiry and Research Design : Choosing among Five Traditions. SAGE Publications, July 1997.
14. P. DiGioia and P. Dourish. Social navigation as a model for usable security. In SOUPS '05: Proceedings of the 2005 Symposium On Usable Privacy and Security, pages 101-108, Pittsburgh, Pennsylvania, 2005. ACM.
15. B. Dijker. A day in the life of system administrators. http://sageweb.sage.org, June 2006.
16. M. Elliott and R. Kling. Organizational usability of digital libraries: Case study of legal research in civil and criminal courts. American Society for Information Science, 4(11):1023-1035, 1997.
17. A. Gagné, K. Muldner, and K. Beznosov. Identifying differences between security and other IT professionals: a qualitative analysis. In HAISA'08: Human Aspects of Information Security and Assurance, pages 69-80, Plymouth, England, July 8-9 2008.
18. R. Garigue and M. Stefaniu. Information security governance reporting. EDPACS, 31(6):11-17, 2003.
19. T. Grunwald and C. Corsbie-Massay. Guidelines for cognitively efficient multimedia learning tools: educational strategies, cognitive load, and interface design. Academic medicine, 83(3):213-223, 2006.
20. E. M. Haber and J. Bailey. Design Guidelines for System Administration: Tools Developed through Ethnographic Field Studies. In CHIMIT '07: Proceedings of the 2007 symposium on Computer Human Interaction for the Management of Information Technology, pages 1-9. ACM, 2007.
21. C. A. Halverson. The value of persistence: A study of the creation, ordering and use of conversation archives by a knowledge worker. In HICSS '04: Proceedings of the 37th Annual Hawaii International Conference on System Sciences, pages 1-10, Washington, DC, USA, 2004. IEEE Computer Society.
22. K. Hawkey, D. Botta, R. Werlinger, K. Muldner, A. Gagne, and K. Beznosov. Human, Organizational, and Technological Factors of IT Security. In CHI'08 extended abstract on Human factors in computing systems, pages 3639-3644, Florence, Italy, 2008.
23. K. Hawkey, K. Muldner, and K. Beznosov. Searching for the Right Fit: Balancing IT Security Model Trade-offs. Special Issue on Useful Computer Security, IEEE Internet Computing, 12(3):22-30, 2008.
24. A. Herzog and N. Shahmehri. User help techniques for usable security. In CHIMIT '07: Proceedings of the 2007 symposium on Computer Human Interaction for the Management of Information Technology, pages 93-102, Cambridge, Massachusetts, 2007. ACM.
25. K. Hornbaek and E. Frokjaer. Reading of electronic documents: the usability of linear, sheye, and overview+detail interfaces. In CHI '01: Proceedings of the SIGCHI conference on Human factors in computing systems, pages 293-300, New York, NY, USA, 2001. ACM.
26. E. Kandogan and E. M. Haber. Security administration tools and practices. In L. F. Cranor and S. Garnkel, editors, Security and Usability: Designing Secure Systems that People Can Use, chapter 18, pages 357-378. O'Reilly Media, Inc., 2005.
27. S. Kesh and P. Ratnasingam. A knowledge architecture for it security. Commun. ACM, 50(7):103-108, 2007.
28. G. Killcrece, K.-P. Kossakowski, R. Rue e, and M. Zajicek. Organizational models for computer security incident response teams (CSIRTS). Technical Report CMU/SEI-2003-HB-001, 2003.
29. A. Komlod, P. Rheingans, U. Ayachit, J. Goodall, and A. Joshi. A user-centered look at glyph-based security visualization. In VIZSEC '05: Proceedings of the IEEE Workshops on Visualization for Computer Security, pages 21-28, Minneapolis, MN, USA, 2005.
30. S. J. Koyani, R. W. Bailey, and J. R. Nall. Research-Based Web Design & Usability Guidelines. U.S. Dept. of Health and Human Services, 2006.
31. S. Kraemer and P. Carayon. Human errors and violations in computer and information security: The viewpoint of network administrators and security specialists. Applied Ergonomics, 38:143-154, 2007.
32. C. P. Lee and J. A. Copeland. Flowtag: a collaborative attack-analysis, reporting, and sharing tool for security researchers. In VizSEC '06: Proceedings of the 3rd international workshop on Visualization for computer security, pages 103-108, Alexandria, VA, USA, 2006. ACM.
33. S. McGann and D. C. Sicker. An analysis of security threats and tools in SIP-based VoIP systems. In 2nd VoIP Security Workshop, pages 1-8, Washington DC, USA, June 2005.
34. J. Nielsen. Applying discount usability engineering. IEEE Software, 12(1):98-100, 1995.
35. M. Nohlberg and J. Backstrom. User-centred security applied to the development of a management information system. Information Management & Computer Security, 15(5):372-381, 2007.
36. R. H. Rayford B. Vaughn Jr. and K. Fox. An empirical study of industrial security-engineering practices. The Journal of Systems and Software, 61:225-232, 2001.
37. Y. Rogers. Ghosts in the network: distributed troubleshooting in a shared working environment. In CSCW '92: Proceedings of the 1992 ACM conference on Computer-supported cooperative work, pages 346-355, Toronto, ON, Canada, 1992. ACM.
38. S. D. Scott, K. D. Grant, and R. L. Mandryk. System guidelines for co-located, collaborative work on a tabletop display. In ECSCW'03: Proceedings of the eighth European Conference on Computer Supported Cooperative Work, pages 159-178, Norwell, MA, USA, 2003. Kluwer Academic Publishers.
39. S. L. Smith and J. N. Mosier. Guidelines for designing user interface software. Technical Report ESD-TR-86-278, The MITRE Corporation Bedford MA, August 1986.
40. Y. L. Theng, E. Duncker, N. Mohd-Nasir, G. Buchanan, and H. W. Thimbleby. Design guidelines and user-centred digital libraries. In ECDL '99: Proceedings of the Third European Conference on Research and Advanced Technology for Digital Libraries, pages 167-183, London, UK, 1999. Springer-Verlag.
41. R. S. Thompson, E. M. Rantanen, W. Yurcik, and B. P. Bailey. Command line or pretty lines?: comparing textual and visual interfaces for intrusion detection. In CHI '07: Proceedings of the SIGCHI conference on Human factors in computing systems, pages 1205-1214, San Jose, California, USA, 2007. ACM.
42. K. Vicente and J. Rasmussen. Ecological interface design: theoretical foundations. Systems, Man and Cybernetics, IEEE Transactions on, 22(4):589-606, Jul/Aug 1992.
43. B. von Solms and R. von Solms. The 10 deadly sins of information security management. Computers security, 23(5):371, 2004.
44. R. Werlinger, K. Hawkey, and K. Beznosov. Human, Organizational and Technological Challenges of Implementing IT Security in Organizations. In HAISA'08: Human Aspects of Information Security and Assurance, pages 35-48, Plymouth, England, July 8-9 2008.
45. R. Werlinger, K. Hawkey, and K. Beznosov. Security practitioners in context: their activities and interactions. In CHI '08 extended abstracts on Human factors in computing systems, pages 3789-3794, Florence, Italy, 2008.
46. R. Werlinger, K. Hawkey, K. Muldner, P. Jaferian, and K. Beznosov. The challenges of using an intrusion detection system: Is it worth the effort? In SOUPS '08: Proceedings of the 2008 Symposium On Usable Privacy and Security, pages 107-116, Pittsburgh, Pennsylvania, July 23-25 2008.
47. K. F. White and W. G. Lutters. Midweight collaborative remembering: wikis in the workplace. In CHIMIT '07: Proceedings of the 2007 symposium on Computer Human Interaction for the Management of Information Technology, pages 111-112, Cambridge, MA, USA, 2007. ACM.
48. W. Yurcik, J. Barlow, and J. Rosendale. Maintaining perspective on who is the enemy in the security systems administration of computer networks. In ACM CHI Workshop on System Administrators Are Users, Too. Proceedings of the Tenth Americas Conference on Information Systems, 2003.
49. W. Yurcik, R. S. Thompson, M. B. Twidale, and E. M. Rantanen. If you can't beat 'em, join 'em: combining text and visual interfaces for security-system administration. Interactions, 14(1):12-14, 2007.