David Botta
University of British Columbia
Publication
Featured research published by David Botta.
symposium on usable privacy and security | 2007
David Botta; Rodrigo Werlinger; André Gagné; Konstantin Beznosov; Lee Iverson; Sidney S. Fels; Brian D. Fisher
We report preliminary results of our ongoing field study of IT professionals who are involved in security management. We interviewed a dozen practitioners from five organizations to understand their workplace and tools. We analyzed the interviews using a variation of Grounded Theory and predesigned themes. Our results suggest that the job of IT security management is distributed across multiple employees, often affiliated with different organizational units or groups within a unit and responsible for different aspects of it. The workplace of our participants can be characterized by their responsibilities, goals, tasks, and skills. Three skills stand out as significant in the IT security management workplace: inferential analysis, pattern recognition, and bricolage.
International Journal of Human-computer Studies / International Journal of Man-machine Studies | 2009
Rodrigo Werlinger; Kirstie Hawkey; David Botta; Konstantin Beznosov
This study investigates the context of interactions of information technology (IT) security practitioners, based on a qualitative analysis of 30 interviews and participatory observation. We identify nine different activities that require interactions between security practitioners and other stakeholders, and describe in detail two of these activities that may serve as useful references for security-tool usability scenarios. We propose a model of the factors contributing to the complexity of interactions between security practitioners and other stakeholders, and discuss how this complexity is a potential source of security issues that increase the risk level within organizations. Our analysis also reveals that the tools used by our participants to perform their security tasks provide insufficient support for the complex, collaborative interactions that their duties involve. We offer several recommendations for addressing this complexity and improving IT security tools.
computer human interaction for management of information technology | 2008
Pooya Jaferian; David Botta; Fahimeh Raja; Kirstie Hawkey; Konstantin Beznosov
An important factor that impacts the effectiveness of security systems within an organization is the usability of security management tools. In this paper, we present a survey of design guidelines for such tools. We gathered guidelines and recommendations related to IT security management tools from the literature as well as from our own prior studies of IT security management. We categorized and combined these into a set of high level guidelines and identified the relationships between the guidelines and challenges in IT security management. We also illustrated the need for the guidelines, where possible, with quotes from additional interviews with five security practitioners. Our framework of guidelines can be used by those developing IT security tools, as well as by practitioners and managers evaluating tools.
Cognition, Technology & Work | 2011
David Botta; Kasia Muldner; Kirstie Hawkey; Konstantin Beznosov
Information technology security management (ITSM) entails significant challenges, including the distribution of tasks and stakeholders across the organization, the need for security practitioners to cooperate with others, and technological complexity. We investigate the organizational processes in ITSM using qualitative analysis of interviews with ITSM practitioners. To account for the distributed nature of ITSM, we utilized and extended a distributed cognition framework that includes as key aspects the themes of cues and norms. We show how ITSM challenges foster under-use of cues and norms, which comprises a type of risk that may result in outcomes that are adverse to the organization’s interests. Throughout, we use scenarios told by our participants to illustrate the various concepts related to cues and norms as well as ITSM breakdowns.
human factors in computing systems | 2008
Kirstie Hawkey; David Botta; Rodrigo Werlinger; Kasia Muldner; André Gagné; Konstantin Beznosov
This paper describes the HOT Admin research project, which is investigating the human, organizational, and technological factors of IT security from the perspective of security practitioners. We use qualitative methods to examine their experiences along several themes including: unique characteristics of this population, the challenges they face within the organization, their activities, their collaborative interactions with other stakeholders, the sub-optimal situations they face as a result of distributed security management, and the impact of the security management model in place. We present preliminary results for each theme, as well as the implications of these results on the field of usable security and other research areas within HCI.
symposium on usable privacy and security | 2007
Rodrigo Werlinger; David Botta; Konstantin Beznosov
Persistence and cost are the two factors that have motivated several studies about better practices for dealing with security incidents [5]. However, there is not much literature about IT professionals who have to deal with security incidents, in terms of which tasks they actually perform and which resources they need to handle the complex scenarios given by real incidents [6]. This lack of research makes it difficult to evaluate and improve the support that IT security professionals need to respond efficiently to security incidents.
computer human interaction for management of information technology | 2009
Pooya Jaferian; David Botta; Kirstie Hawkey; Konstantin Beznosov
This case study describes the adoption of an enterprise identity management (IdM) system in an insurance organization. We describe the state of the organization before deploying the IdM system, and point out the challenges in its IdM practices. We describe the organization's requirements for an IdM system, why a particular solution was chosen, issues in the deployment and configuration of the solution, the expected benefits, and the new challenges that arose from using the solution. Throughout, we identify practical problems that can be the focus of future research and development efforts. Our results confirm and elaborate upon the findings of previous research, contributing to an as-yet immature body of cases about IdM. Furthermore, our findings serve as a validation of our previously identified guidelines for IT security tools in general.
symposium on usable privacy and security | 2009
Pooya Jaferian; David Botta; Kirstie Hawkey; Konstantin Beznosov
Identity management (IdM) comprises the processes and infrastructure for the creation, maintenance, and use of digital identities [1]. This includes designating who has access to resources, who grants that access, and how accountability and compliance are maintained [3, 8, 4]. IdM has become an important aspect of IT security infrastructure in organizations, and some consider it to be the most important solution for enabling compliance [9]. To facilitate identity management, usable technological solutions are important. In this ongoing research, we plan to study the practice of identity management from a socio-technical point of view, and study how technology can improve IdM. Our final goal is to develop recommendations for user-centered design of IdM systems. We’ve devised a multi-method approach to address this problem. To begin with, we performed a case study of IdM adoption and use in an insurance organization. The case study provides us with a high-level understanding about the problem domain and directions for the rest of our research. We plan to continue our research in two phases: (1) evaluate the usability of an IdM system using heuristic evaluation, and (2) perform a field study to further our understanding about IdM practices and technologies, validate the results of our heuristic evaluation, and develop recommendations for user-centered design of IdM systems. In this poster we present an overview of each phase of our ongoing research. At the time of writing, we finished the case study and developed a list of heuristics for heuristic evaluation of IT security tools. We plan to conduct a heuristic evaluation on an IdM system, and then a field study.
Computer Graphics Forum | 1997
LiFeng Wang; David Botta; Chris Ellefson; Alain Fournier
The Yuan Ming Yuan, the Garden of Perfect Brightness, was the culmination of the art of Chinese Imperial gardens. Covering 350 hectares (875 acres) northwest of Beijing, it included 140 distinct sites, 2000 structures, thousands of pieces of furniture and precious objects, countless plants. It was almost totally destroyed in 1860 at the end of the second Opium War by English and French troops in one of the worst acts of cultural vandalism in recorded history.
Archive | 2007
David Botta; Rodrigo Werlinger; Konstantin Beznosov; Lee Iverson; Sidney S. Fels; Brian D. Fisher