LERSSE-PRESENTATION-2008-070

Toward Understanding the Workplace of IT Security Practitioners

Konstantin Beznosov

06 July 2008

Abstract: Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after security breaches. In order for technological solutions to provide effective support to IT security practitioners, tool developers need to understand better not only the technical, but also the human and organizational dimensions of IT security. To date, there is little empirical evidence about how human, organizational, and technological factors impact the processes of managing IT security. Moreover, little is known about the responsibilities and roles of security practitioners or the effectiveness of their tools and security management practices. The Human, Organization, and Technology Centred Improvement of IT Security Administration (HOT Admin) research project is working to fill this gap. We use qualitative methods to study experiences of IT security practitioners along several themes including: unique characteristics of IT security vs. general IT, the challenges the security professionals face within the organization, and their activities and interactions. We present our findings to date and discuss the implications of these findings on tool development and research.

Keyword(s): HOT Admin ; Security Tools ; Usable Security ; Qualitative Analysis

Published in: Konstantin Beznosov, “Toward Understanding the Workplace of IT Security Practitioners” talk given at the Computer Science Department, College University London, 04 July 2008.:

The record appears in these collections:
Talks/Presentations
Usable Security

 Record created 2009-04-27, last modified 2013-05-22


Transfer from CDS 0.99.7:
Download fulltext
PDF

Rate this document:

Rate this document:
1
2
3
 
(Not yet reviewed)