000000133 001__ 133
000000133 005__ 20130522141950.0
000000133 037__ $$aLERSSE-PRESENTATION-2007-062
000000133 041__ $$aeng
000000133 100__ $$aDavid Botta
000000133 100__ $$aRodrigo Werlinger
000000133 100__ $$aAndré Gagné
000000133 100__ $$aKonstantin Beznosov
000000133 100__ $$aSid Fels
000000133 100__ $$aLee Iverson
000000133 100__ $$aBrian Fisher
000000133 245__ $$aTowards Understanding IT Security Professionals and Their Tools
000000133 260__ $$c2007-06-20
000000133 300__ $$a20p
000000133 520__ $$aIt is estimated that organizations worldwide will spend around $100 Billion USD on IT Security in 2007. A notable size of this will be spent on tools but little is known how effective IT security tools, and what works and what does not. "Human, Organization, and Technology Centred Improvement of the IT Security Administration" (HOT Admin for short) is a three year long research project funded by the Canadian government and headed by Konstantin Beznosov at the University of British Columbia. It aims to investigate methodologies and techniques for evaluating and developing better tools for managing IT security in organizations. The project is in its first stage, which is a field study of IT professionals who are involved in security management. In conducting 14 interviews with IT professionals from 5 different organizations, we focused on the interactions of technological, organizational, and human factors. Our results suggest that the job of IT security management is distributed across multiple employees, often affiliated with different organizational units or groups within a unit and responsible for different aspects of it. Our participants had to meet three disjoint responsibilities: design, response, and maintenance of IT security systems. To meet these responsibilities, security practitioners had to perform several tasks, such as: monitor systems, verify notifications, correlate different sources of information, and report. Three skills stand out as significant to perform the tasks: inferential analysis, pattern recognition, and bricolage. In this presentation we will report our preliminary findings. We will discuss the similarities found across the organizations in the areas of the organization structure, the responsibilities of a practitioner, the skills needed. We will also discuss what our participants liked and did not like about their tools and possible directions for improving security tools.
000000133 6531_ $$aHOT Admin
000000133 6531_ $$aField Study
000000133 6531_ $$aUsable Security
000000133 6531_ $$aIT Security Management
000000133 8560_ $$fqiangw@ece.ubc.ca
000000133 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/133/files/133.pdf$$yTransfer from CDS 0.99.7
000000133 909C4 $$pDavid Botta, Rodrigo Werlinger, André Gagné, Konstantin Beznosov, Sid Fels, Lee Iverson, Brian Fisher, "Towards Understanding IT Security Professionals and Their Tools," CIPS Vancouver Security SIG Meeting, Vancouver, 13 June, 2007, pp.20.
000000133 980__ $$aPRESENTATION