Pooya Jaferian

17 June 2009

Abstract: IT Security Management (ITSM) requires collaboration between diverse stakeholders, has an environment of numerous technological and business specializations (is complex), has many issues that need to be handled with discretion, is fast paced, uncertain, requires reliance of practitioners on tacit knowledge, and there is lack of immediate feedback when imposing a change on the system. Direct observation of tool use can be time consuming as much security work is spontaneous (e.g. security incident response) or occurs over many months. As ITSM tool use is intrinsically cooperative, its study inherits the difficulties of studying cooperation. As a result, we argue that discount usability evaluation of ITSM tools could be a viable component of user centered design of ITSM tools. We address the lack of discount usability evaluation methods for ITSM tools by developing guidelines and heuristics for evaluation of ITSM tools.

Keyword(s): Security Tools ; Usable Security ; Security Practitioners ; Collaboration ; Case Study ; IdM ; Heuristic Evaluation ; issnet

Published in: Talk given at NSERC ISSNet Workshop 2009, Carleton University, Ottawa, Canada.: