LERSSE-RefJnlPaper-2009-007

Security Practitioners in Context: Their Activities and Interactions with Other Stakeholders within Organizations

Rodrigo Werlinger ; Kirstie Hawkey ; David Botta ; Konstantin Beznosov

18 March 2009

Abstract: This study investigates the context of interactions of IT security practitioners, based on a qualitative analysis of 30 interviews and participatory observation. We identify nine different activities that require interactions between security practitioners and other stakeholders, and describe in detail two of these activities that may serve as useful references for usability scenarios of security tools. We propose a model of the factors contributing to the complexity of interactions between security practitioners and other stakeholders, and discuss how this complexity is a potential source of security issues that increase the risk level within organizations. Our analysis also reveals that the tools used by our participants to perform their security tasks provide insufficient support for the complex, collaborative interactions that they need to perform. We offer several recommendations for addressing this complexity and improving IT security tools.

Keyword(s): Security Tools ; Usable Security ; Security Practitioners ; Collaboration ; Qualitative Analysis ; HOT Admin

Published in: Rodrigo Werlinger, Kirstie Hawkey, David Botta, Konstantin Beznosov, "Security Practitioners in Context: Their Activities and Interactions with Other Stakeholders within Organizations", International Journal of Human-Computer Studies, 67(7):584–606, March 2009. :

The record appears in these collections:
Refereed Journal Papers
Usable Security

 Record created 2009-04-27, last modified 2013-05-22


Transfer from CDS 0.99.7:
Download fulltext
PDF

Rate this document:

Rate this document:
1
2
3
 
(Not yet reviewed)