Towards Understanding IT Security Professionals and Their Tools
David Botta ; Rodrigo Werlinger ; André Gagné ; Konstantin Beznosov ; Lee Iverson ; Sidney Fels ; Brian Fisher
07 March 2007
Abstract: We report preliminary results of our ongoing field study of IT professionals who are involved in security management. We interviewed a dozen practitioners from five organizations to understand their workplace and tools. We analyzed the interviews using a variation of Grounded Theory and predesigned themes. Our results suggest that the job of IT security management is distributed across multiple employees, often affiliated with different organizational units or groups within a unit and responsible for different aspects of it. The workplace of our participants can be characterized by their responsibilities, goals, tasks, and skills. Three skills stand out as significant in the IT security management workplace: inferential analysis, pattern recognition, and bricolage.
Keyword(s): HOT Admin ; SOUPS ; Usable Security ; IT Security Management
Published in: David Botta, Rodrigo Werlinger, André Gagné, Konstantin Beznosov, Lee Iverson, Sidney Fels, Brian Fisher, "Towards Understanding IT Security Professionals and Their Tools" in Proceedings of the Symposium on Usable Privacy and Security (SOUPS), Carnegie Mellon University, Pittsburgh, PA, USA, July 18-20, 2007, pp.100-111.: