Home > Technical Reports > Searching for the Right Fit: A Case Study of IT Security Management Model Tradeoffs |
LERSSE-REPORT-2007-024 |
Kirstie Hawkey ; Kasia Muldner ; Konstantin Beznosov
16 November 2007
Abstract: The usability of security systems within an organization is impacted not only by tool interfaces but also by the security management model (SMM) of the IT security team. Finding the right SMM is critical and yet can be challenging, as there are tradeoffs inherent with each approach. We present a case study of one post-secondary educational institution that created a centralized security team, but disbanded it in favour of a more distributed approach three years later. The case study consists of interviews with ten IT staff from across the organization who gave us their diverse perspectives of the realities of managing security in a decentralized post-secondary organization. We contrast this organization’s experiences with SMMS with expectations from industry standards and derive organizational factors that impact the success of the models. These factors highlight the importance of considering both the organization’s security goals as well as its structure when evaluating potential SMMs. Furthermore, top management support, security policies, and a security team with vested authority, along with the organization’s prior security management history, impact the success of a given SMM.
Keyword(s): hot admin ; field study ; Security Management ; Security Tasks ; Usable Security ; Collaboration
Published in: Kirstie Hawkey, Kasia Muldnery, and Konstantin Beznosov, "Searching for the Right Fit: A Case Study of IT Security Management Model Tradeoffs", Laboratory for Education and Research in Secure Systems Engineering, Vancouver, Canada, University of British Columbia, technical report LERSSE-TR-2007-03, 16 November, 2007, pp.23.:
The record appears in these collections:
Technical Reports
Usable Security