000000297 001__ 297
000000297 005__ 20150105023001.0
000000297 037__ $$aLERSSE-THESIS-2014-001
000000297 100__ $$aPooya Jaferian
000000297 245__ $$aUser-centered design of identity and access management systems
000000297 260__ $$c2014-12-01
000000297 300__ $$a314
000000297 520__ $$aIT security management (ITSM) technologies are important components of IT security in organizations. But there has been little research on how ITSM technologies should incorporate human and social issues into their design. Identity and Access Management (IAM) systems, as an important category of ITSM, share such a gap with other ITSM technologies. The overarching goal of this research is to narrow the gap between IAM technologies and social context. In the first phase, we developed a set of usability guidelines and heuristics for design and usability evaluation of ITSM tools. We gathered recommendations related to ITSM tools from the literature, and categorized them into a set of 19 high-level guidelines that can be used by ITSM tool designers. We then used a methodical approach to create seven heuristics for usability evaluation of ITSM tools and named them ITSM heuristics. With a between-subjects study, we compared the usage of the ITSM and Nielsen's heuristics for evaluation of a commercial IAM system. The results confirmed the effectiveness of ITSM heuristics, as participants who used the ITSM heuristics found more problems categorized as severe than those who used Nielsen's. In the second phase, we conducted a field study of 19 security practitioners to understand how they do IAM and identify the challenges they face. We used a grounded theory approach to collect and analyze data and developed a model of IAM activities and challenges. Built on the model, we proposed a list of recommendations for improving technology or practice. In the third phase, we narrowed down our focus to a specific IAM-related activity, access review. We expanded our understanding of access review by further analysis of the interviews, and by conducting a survey of 49 security practitioners. Then, we used a usability engineering process to design AuthzMap, a novel user interface for reviewing access policies in organizations.
We conducted a user study with 430 participants to compare the use of AuthzMap with two existing access review systems. The results show AuthzMap improved the efficiency in five of the seven tested tasks, and improved accuracy in one of them.
000000297 6531_ $$aIdM
000000297 6531_ $$aIAM
000000297 6531_ $$aUsable Security
000000297 6531_ $$aHOT ID
000000297 8560_ $$fpooya@ece.ubc.ca
000000297 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/297/files/ubc_2015_february_jaferian_pooya.pdf
000000297 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/297/files/ubc_2015_february_jaferian_pooya.pdf?subformat=pdfa$$xpdfa
000000297 909C4 $$pPooya Jaferian, "User-centered design of identity and access management systems," PhD dissertation, Department of Electrical and Computer Engineering, THE UNIVERSITY OF BRITISH COLUMBIA, December, 2014, pp.314
000000297 980__ $$aTHESIS