Human, Organizational and Technological Factors of IT Security

Kasia Muldner

01 February 2008

Abstract: Given that Information Technology (IT) has become pervasive in today’s organizations, properly securing systems is critical. However, many challenges remain with respect to implementing sound technologies and security processes. In the past decade, the research focus has shifted from considering only purely technological factors to also including organizational and human factors, as these latter two play a key role in influencing security practices and outcomes. The corresponding research area, namely HCISec, explores how to design “usable security” solutions for all users. To date, however, little work has targeted the population that is at the crossroads of the above-mentioned human/organizational/technological factors, namely security professionals, who are responsible for protecting their organizations from IT-related threats. Currently, these individuals lack sufficient support, as is evident from the rising number and cost of incidents. As a first step in gaining insight into how to provide this support, we are conducting a field study that involves gathering data from security administrators working in a variety of organizations. Here, we will present findings from our study, which are based on inductive qualitative analysis and include descriptive models of the unique needs of this highly specialized population, the challenges it faces, and the sub-optimal situations that lead to security incidents. Based on our findings, we propose some guidelines for designing effective “usable security” solutions.

Keyword(s): HOT Admin; IT Security; Human factors; Organizational factors; Technological factors; Qualitative research

Published in: Kasia Muldner, "Human, Organizational and Technological Factors of IT Security", Invited Talk at Acadia University, Wolfville, N.S., Canada, 25 January, 2007.

