Studying IT Security Professionals: Research Design and Lessons Learned
The HOT Admin Field Study used qualitative methods to study information technology security administrators. Both the nature of the field and the difficulty of gaining access to subjects had...
View ArticleOn the Imbalance of the Security Problem Space and its Expected Consequences
This paper considers the attacker-defender game in the field of computer security as a three-dimensional phenomenon. The decomposition of the problem space into technological, human, and social factors...
View ArticleTowards Understanding IT Security Professionals and Their Tools
We report preliminary results of our ongoing field study of IT professionals who are involved in security management. We interviewed a dozen practitioners from five organizations to understand their...
View ArticleUnderstanding IT Security Administration through a Field Study
The security administration of large organizations is exceptionally challenging due to the increasingly large numbers of application instances, resources, and users; the growing complexity and dynamics...
View ArticleTowards Understanding IT Security Professionals and Their Tools
It is estimated that organizations worldwide will spend around $100 Billion USD on IT Security in 2007. A notable size of this will be spent on tools but little is known how effective IT security...
View ArticleA Study of Security Administration Errors
Security administrators prevent security breaches against their infrastructure by using their tools to implement the security policy. This paper deals with security administration errors that were...
View ArticleOn the Imbalance of the Security Problem Space and its Expected Consequences
This paper considers the attacker-defender game in the field of computer security as a three-dimensional phenomenon. The decomposition of the problem space into technological, human, and social factors...
View ArticleSearching for the Right Fit: A Case Study of IT Security Management Model...
The usability of security systems within an organization is impacted not only by tool interfaces but also by the security management model (SMM) of the IT security team. Finding the right SMM is...
View ArticleSecurity Practitioners in Context: Their Activities and Interactions
This study develops the context of interactions of IT security practitioners. Preliminary qualitative analysis of 22 interviews (to date) and participatory observation has identified eight different...
View ArticleSecurity Practitioners in Context: Their Activities and Collaborative...
This study develops the context of interactions of IT security practitioners. Preliminary qualitative analysis of 22 interviews (to date) and participatory observation has identified eight different...
View ArticleHOT Admin Research Project: Overview and Results to Date
Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after...
View ArticleA Broad Empirical Study of IT Security Practioners
Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after...
View ArticleThe Challenges of Using an Intrusion Detection System: Is It Worth the Effort?
An intrusion detection system (IDS) can be a key component of security incident response within organizations. Traditionally, intrusion detection research has focused on improving the accuracy of IDSs,...
View ArticleToward Understanding the Workplace of IT Security Practitioners
Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after...
View ArticleManagement of IT Security in Organizations: What Makes It Hard?
Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after...
View ArticleGuidelines for Designing IT Security Management Tools
An important factor that impacts the effectiveness of security systems within an organization is the usability of security management tools. In this paper, we present a survey of design guidelines for...
View ArticleTowards Improving Mental Models of Personal Firewall Users
Windows Vista’s personal firewall provides its diverse users with a basic interface that hides many operational details. However, our study of this interface revealed that concealing the impact of...
View ArticleSecurity Practitioners in Context: Their Activities and Interactions with...
This study investigates the context of interactions of IT security practitioners, based on a qualitative analysis of 30 interviews and participatory observation. We identify nine different activities...
View ArticleUsability Meets Access Control: Challenges and Research Opportunities
This panel discusses specific challenges in the usability of access control technologies and new opportunities for research. The questions vary from “Why nobody, even experts, uses access control lists...
View ArticleRevealing Hidden Context: Improving Mental Models of Personal Firewall Users
The Windows Vista personal firewall provides its diverse users with a basic interface that hides many operational details. However, concealing the impact of network context on the security state of...
View ArticleRevealing Hidden Context: Improving Mental Models of Personal Firewall Users
The Windows Vista personal firewall provides its diverse users with a basic interface that hides many operational details. However, concealing the impact of network context on the security state of the...
View ArticleUser Centered Design of ITSM Tools
IT Security Management (ITSM) requires collaboration between diverse stakeholders, has an environment of numerous technological and business specializations (is complex), has many issues that need to...
View ArticleRevealing Hidden Context: Improving Users' Mental Models of Personal Firewalls
Windows Vista’s personal firewall provides its diverse users with a basic interface that hides many operational details. However, our study of this interface revealed that concealing the impact of...
View ArticleA Multi-method Approach for User-centered Design of Identity Management Systems
Identity management (IdM) comprises the processes and infrastructure for the creation, maintenance, and use of digital identities. This includes designating who has access to resources, who grants that...
View ArticleA Case Study of Enterprise Identity Management System Adoption in an...
This case study describes the adoption of an enterprise identity management(IdM) system in an insurance organization. We describe the state of the organization before deploying the IdM system, and...
View Article
