Journal of the American Society for Information Science - Special issue on current research in human-computer interaction
NSPW '96 Proceedings of the 1996 workshop on New security paradigms
Meta-design: design for designers
DIS '00 Proceedings of the 3rd conference on Designing interactive systems: processes, practices, methods, and techniques
Cognitive Work Analysis: Towards Safe, Productive, and Healthy Computer-Based Work
Cognitive Work Analysis: Towards Safe, Productive, and Healthy Computer-Based Work
Usability Engineering
Field studies of computer system administrators: analysis of system management tools and practices
CSCW '04 Proceedings of the 2004 ACM conference on Computer supported cooperative work
Human, organizational, and technological factors of IT security
CHI '08 Extended Abstracts on Human Factors in Computing Systems
Security practitioners in context: their activities and interactions
CHI '08 Extended Abstracts on Human Factors in Computing Systems
The challenges of using an intrusion detection system: is it worth the effort?
Proceedings of the 4th symposium on Usable privacy and security
Work practices of system administrators: implications for tool design
Proceedings of the 2nd ACM Symposium on Computer Human Interaction for Management of Information Technology
Guidelines for designing IT security management tools
Proceedings of the 2nd ACM Symposium on Computer Human Interaction for Management of Information Technology
Real life challenges in access-control management
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
International Journal of Human-Computer Studies
Usability meets access control: challenges and research opportunities
Proceedings of the 14th ACM symposium on Access control models and technologies
System administrators as broker technicians
Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology
A case study of enterprise identity management system adoption in an insurance organization
Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology
Heuristics for evaluating IT security management tools
CHI '11 Extended Abstracts on Human Factors in Computing Systems
Heuristics for evaluating IT security management tools
Proceedings of the Seventh Symposium on Usable Privacy and Security
Methodology for a field study of anti-malware software
FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security
Physical access control administration using building information models
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
A clinical study of risk factors related to malware infections
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
| Hi-index | 0.00 |
We report preliminary results of our ongoing field study of IT professionals who are involved in security management. We interviewed a dozen practitioners from five organizations to understand their workplace and tools. We analyzed the interviews using a variation of Grounded Theory and predesigned themes. Our results suggest that the job of IT security management is distributed across multiple employees, often affiliated with different organizational units or groups within a unit and responsible for different aspects of it. The workplace of our participants can be characterized by their responsibilities, goals, tasks, and skills. Three skills stand out as significant in the IT security management workplace: inferential analysis, pattern recognition, and bricolage.