Searching for the Right Fit: A Case Study of IT Security Management Model Tradeoffs

Kirstie Hawkey ; Kasia Muldner ; Konstantin Beznosov

16 November 2007

Abstract: The usability of security systems within an organization is impacted not only by tool interfaces but also by the security management model (SMM) of the IT security team. Finding the right SMM is critical and yet can be challenging, as there are tradeoffs inherent with each approach. We present a case study of one post-secondary educational institution that created a centralized security team, but disbanded it in favour of a more distributed approach three years later. The case study consists of interviews with ten IT staff from across the organization who gave us their diverse perspectives of the realities of managing security in a decentralized post-secondary organization. We contrast this organization’s experiences with SMMs with expectations from industry standards and derive organizational factors that impact the success of the models. These factors highlight the importance of considering both the organization’s security goals and its structure when evaluating potential SMMs. Furthermore, top management support, security policies, and a security team with vested authority, along with the organization’s prior security management history, impact the success of a given SMM.

Keyword(s): hot admin ; field study ; Security Management ; Security Tasks ; Usable Security ; Collaboration

Published in: Kirstie Hawkey, Kasia Muldner, and Konstantin Beznosov, "Searching for the Right Fit: A Case Study of IT Security Management Model Tradeoffs", Laboratory for Education and Research in Secure Systems Engineering, Vancouver, Canada, University of British Columbia, technical report LERSSE-TR-2007-03, 16 November, 2007, pp. 23.

