000000261 001__ 261
000000261 005__ 20130522141941.0
000000261 037__ $$aLERSSE-RefConfPaper-2011-006
000000261 100__ $$aPooya Jaferian
000000261 245__ $$aHeuristics for Evaluating IT Security Management Tools
000000261 260__ $$c2011-07-20
000000261 300__ $$a20
000000261 520__ $$aThe usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. However, standard usability heuristics are hard to apply as IT security management occurs within a complex and collaborative context that involves diverse stakeholders. We propose a set of ITSM usability heuristics that are based on activity theory, are supported by prior research, and consider the complex and cooperative nature of security management. In a between-subjects study, we compared the employment of the ITSM and Nielsen's heuristics for evaluation of a commercial identity management system. Participants who used the ITSM set found more problems categorized as severe than those who used Nielsen's.  As evaluators identified different types of problems with the two sets of heuristics, we recommend employing both the ITSM and Nielsen's heuristics during evaluation of ITSM tools.
000000261 6531_ $$aSOUPS 
000000261 6531_ $$aUsable Security
000000261 6531_ $$aIT Security Management
000000261 6531_ $$aHOT Admin
000000261 6531_ $$aIdM
000000261 700__ $$aKirstie Hawkey
000000261 700__ $$aAndreas Sotirakopoulos
000000261 700__ $$aMaria Velez-Rojas
000000261 700__ $$aKonstantin Beznosov
000000261 8560_ $$fpooya@ece.ubc.ca
000000261 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/261/files/261.pdf$$yTransfer from CDS 0.99.7
000000261 909C4 $$pPooya Jaferian, Kirstie Hawkey, Andreas Sotirakopoulos, Maria Velez-Rojas, Konstantin Beznosov, Heuristics for Evaluating IT Security Management Tools, in Proceedings of the Symposium on Usable Privacy and Security (SOUPS), Carnegie Mellon University, Pittsburgh, PA, USA, July 20-22, 2011. 
000000261 980__ $$aRefConfPaper