Understanding IT Security Administration through a Field Study

David Botta ; Rodrigo Werlinger ; André Gagné ; Konstantin Beznosov ; Lee Iverson ; Sidney Fels ; Brian Fisher

13 June 2007

Abstract: The security administration of large organizations is exceptionally challenging due to the increasingly large numbers of application instances, resources, and users; the growing complexity and dynamics of business processes; and the spiralling volume of change that results from the interaction of the first two factors. Yet little is known about security administrators, their roles and responsibilities within organizations, and how effective existing tools and practices are at protecting organizations and employees while still allowing productive collaborative work. We report a descriptive qualitative study of IT security administrators, their tasks and tools, the organizations in which they reside, and their information technology. This field study comprises the first phase of the project Human, Organization, and Technology Centred Improvement of IT Security Administration. It used ethnographic methods to investigate security administrators in their work settings in order to understand and model their tasks as well as the effectiveness and usability of the tools they currently use to perform these tasks. It obtained inventories of tasks and tools sufficient for the development of models, theories, and guidelines of security administration.

Keyword(s): hot admin ; field study ; Security Management ; Ethnography ; Security Tasks ; Security Tools ; Usable Security ; Collaboration

Published in: David Botta, Rodrigo Werlinger, André Gagné, Konstantin Beznosov, Lee Iverson, Sidney Fels and Brian Fisher, "Understanding Information Technology Security Administration through a Field Study", Laboratory for Education and Research in Secure Systems Engineering, University of British Columbia, 2007.

