Heuristics for Evaluating IT Security Management Tools

Pooya Jaferian; Maria Velez-Rojas; Kirstie Hawkey; Konstantin Beznosov; Andreas Sotirakopoulos
000000287 001__ 287
000000287 005__ 20130806085723.0
000000287 037__ $$aLERSSE-RefJnlPaper-2013-002
000000287 100__ $$aPooya Jaferian
000000287 245__ $$aHeuristics for Evaluating IT Security Management Tools
000000287 260__ $$c2013-07-29
000000287 300__ $$a40
000000287 500__ $$aPreprint
000000287 520__ $$aThe usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. In this paper, we explore how domain specific heuristics are created by examining prior research in the area of heuristic and guideline creation. We then describe our approach of creating usability heuristics for ITSM tools, which is based on guidelines for ITSM tools that are interpreted and abstracted with activity theory. With a between-subjects study, we compared the employment of the ITSM and Nielsen's heuristics for evaluation of a commercial identity management system. Participants who used the ITSM set found more problems categorized as severe than those who used Nielsen's. We analyzed several aspects of our heuristics including the performance of individual participants using the heuristic, the performance of individual heuristics, the similarity of our heuristics to Nielsen's, and the participants' opinion about the use of heuristics for evaluation of IT security tools. We then discuss the implications of our results on the use of ITSM and Nielsen's heuristics for usability evaluation of ITSM tools.
000000287 6531_ $$aHeuristic Evaluation 
000000287 6531_ $$aIT Security 
000000287 6531_ $$aUsable Security
000000287 6531_ $$aComputer Supported Cooperative Work
000000287 6531_ $$aActivity Theory
000000287 6531_ $$aUsability Evaluation 
000000287 6531_ $$aIdentity Management 
000000287 6531_ $$aAccess Management
000000287 700__ $$aKirstie Hawkey
000000287 700__ $$aAndreas Sotirakopoulos
000000287 700__ $$aMaria Velez-Rojas
000000287 700__ $$aKonstantin Beznosov
000000287 8560_ $$fpooya@ece.ubc.ca
000000287 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/287/files/main-document.pdf
000000287 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/287/files/main-document.pdf?subformat=pdfa$$xpdfa
000000287 909C4 $$pPooya Jaferian, Kirstie Hawkey, Andreas Sotirakopoulos, Maria Velez-Rojas, Konstantin Beznosov, Heuristics for Evaluating IT Security Management Tools,  Accepted in Human–Computer Interaction, doi:10.1080/07370024.2013.819198.
000000287 980__ $$aRefJnlPaper
guest :: login LERSSE Digital Library
		Search		Submit		Personalize Your alerts Your baskets Your searches		Help