Security practitioners in context: Their activities and interactions with other stakeholders within organizations

Authors:
Rodrigo Werlinger;Kirstie Hawkey;David Botta;Konstantin Beznosov
Affiliations:
University of British Columbia, 2332 Main Mall, Vancouver, Canada;University of British Columbia, 2332 Main Mall, Vancouver, Canada;University of British Columbia, 2332 Main Mall, Vancouver, Canada;University of British Columbia, 2332 Main Mall, Vancouver, Canada
Venue:
International Journal of Human-Computer Studies
Year:
2009

Citing 26
Cited 3

Development of computer-based information systems: A communication framework

ACM SIGMIS Database
Inside a software design team: knowledge acquisition, sharing, and integration

Communications of the ACM
Of maps and scripts—the status of formal constructs in cooperative work

GROUP '97 Proceedings of the international ACM SIGGROUP conference on Supporting group work: the integration challenge
Contextual design: defining customer-centered systems

Contextual design: defining customer-centered systems
Cognitive Work Analysis: Towards Safe, Productive, and Healthy Computer-Based Work

Cognitive Work Analysis: Towards Safe, Productive, and Healthy Computer-Based Work
Making Connections: Complementary Influences on Communication Media Choices, Attitudes, and Use

Organization Science
Designing for loose coupling in mobile groups

GROUP '03 Proceedings of the 2003 international ACM SIGGROUP conference on Supporting group work
Why there aren't more information security research studies

Information and Management
Knowledge management technology

IBM Systems Journal
Evaluating computer-supported cooperative work: models and frameworks

CSCW '04 Proceedings of the 2004 ACM conference on Computer supported cooperative work
I know my network: collaboration and expertise in intrusion detection

CSCW '04 Proceedings of the 2004 ACM conference on Computer supported cooperative work
Field studies of computer system administrators: analysis of system management tools and practices

CSCW '04 Proceedings of the 2004 ACM conference on Computer supported cooperative work
The interrelationship and effect of culture and risk communication in setting internet banking security goals

ICEC '04 Proceedings of the 6th international conference on Electronic commerce
Johnny 2: a user test of key continuity management with S/MIME and Outlook Express

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
A Mathematical Theory of Communication

A Mathematical Theory of Communication
Awareness and teamwork in computer-supported collaborations

Interacting with Computers
Design guidelines for system administration tools developed through ethnographic field studies

Proceedings of the 2007 symposium on Computer human interaction for the management of information technology
Why Johnny can't encrypt: a usability evaluation of PGP 5.0

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A knowledge architecture for IT security

Communications of the ACM - Creating a science of games
Towards understanding IT security professionals and their tools

Proceedings of the 3rd symposium on Usable privacy and security
Human, organizational, and technological factors of IT security

CHI '08 Extended Abstracts on Human Factors in Computing Systems
Security practitioners in context: their activities and interactions

CHI '08 Extended Abstracts on Human Factors in Computing Systems
Searching for the Right Fit: Balancing IT Security Management Model Trade-Offs

IEEE Internet Computing
The challenges of using an intrusion detection system: is it worth the effort?

Proceedings of the 4th symposium on Usable privacy and security
Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-Science

International Journal of Human-Computer Studies
An integrative study of information systems security effectiveness

International Journal of Information Management: The Journal for Information Professionals

A case study of enterprise identity management system adoption in an insurance organization

Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology
Heuristics for evaluating IT security management tools

Proceedings of the Seventh Symposium on Usable Privacy and Security
GROUP workshop proposal: collaboration in managing computer systems

Proceedings of the 17th ACM international conference on Supporting group work

Quantified Score

Hi-index	0.00

Visualization

Abstract

This study investigates the context of interactions of information technology (IT) security practitioners, based on a qualitative analysis of 30 interviews and participatory observation. We identify nine different activities that require interactions between security practitioners and other stakeholders, and describe in detail two of these activities that may serve as useful references for security-tool usability scenarios. We propose a model of the factors contributing to the complexity of interactions between security practitioners and other stakeholders, and discuss how this complexity is a potential source of security issues that increase the risk level within organizations. Our analysis also reveals that the tools used by our participants to perform their security tasks provide insufficient support for the complex, collaborative interactions that their duties involve. We offer several recommendations for addressing this complexity and improving IT security tools.