Studying IT Security Professionals: Research Design and Lessons Learned

David Botta ; Rodrigo Werlinger ; André Gagné ; Konstantin Beznosov ; Lee Iverson ; Sidney Fels ; Brian Fisher

07 March 2007

Abstract: The HOT Admin Field Study used qualitative methods to study information technology security administrators. Both the nature of the field and the difficulty of gaining access to subjects had implications for the study design. We present the lessons we learned, and offer some suggestions for future similar research.

Keyword(s): usable security ; HOT Admin ; usable security administration ; Field Study ; CHIMIT ; management of information technology

Published in: David Botta, Rodrigo Werlinger, André Gagné, Konstantin Beznosov, Lee Iverson, Sidney Fels, and Brian Fisher, "Studying IT Security Professionals: Research Design and Lessons Learned" position paper at the CHI Workshop on Security User studies: Methodologies and Best Practices, San Francisco, CA, 28 April 2007, 4 pages.:

