ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Human, organizational, and technological factors of IT security
Full text PdfPdf (1.08 MB)
Source
Conference on Human Factors in Computing Systems archive
CHI '08 extended abstracts on Human factors in computing systems table of contents
Florence, Italy
SESSION: Research landscapes table of contents
Pages 3639-3644  
Year of Publication: 2008
ISBN:978-1-60558-012-X
Authors
Kirstie Hawkey  University of British Columbia, Vancouver, BC, Canada
David Botta  University of British Columbia, Vancouver, BC, Canada
Rodrigo Werlinger  University of British Columbia, Vancouver, BC, Canada
Kasia Muldner  University of British Columbia, Vancouver, BC, Canada
Andre Gagne  University of British Columbia, Vancouver, BC, Canada
Konstantin Beznosov  University of British Columbia, Vancouver, BC, Canada
Sponsors
ACM: Association for Computing Machinery
SIGCHI: ACM Special Interest Group on Computer-Human Interaction
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 48,   Downloads (12 Months): 232,   Citation Count: 4
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1358628.1358905
What is a DOI?

ABSTRACT

This paper describes the HOT Admin research project, which is investigating the human, organizational, and technological factors of IT security from the perspective of security practitioners. We use qualitative methods to examine their experiences along several themes including: unique characteristics of this population, the challenges they face within the organization, their activities, their collaborative interactions with other stakeholders, the sub-optimal situations they face as a result of distributed security management, and the impact of the security management model in place. We present preliminary results for each theme, as well as the implications of these results on the field of usable security and other research areas within HCI.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
David Botta , Rodrigo Werlinger , André Gagné , Konstantin Beznosov , Lee Iverson , Sidney Fels , Brian Fisher, Towards understanding IT security professionals and their tools, Proceedings of the 3rd symposium on Usable privacy and security, July 18-20, 2007, Pittsburgh, Pennsylvania  [doi>10.1145/1280680.1280693]
 
2
Busby, J.S., Error and distributed cognition in design. Design Studies, (2001). 22: 233--254.
 
3
Flechais, I. and Sasse, M.A., Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-Science. Int. J. Human-Computer Studies, (2007): doi:10.1016/j.ijhcs.2007.10.002.
 
4
Haber, E. and Kandogan, E. Security Administrators: A Breed Apart. Proc. of Workshop on Usable IT Security Management, SOUPS 2007. (2007).
 
5
Kandogan, E. and Haber, E.M., Security administration tools and practices., in Security and Usability: Designing Secure Systems that People Can Use, L.F. Cranor and Garfinkel, S., Editors. 2005, O'Reilly Media, Inc.: Sebastapol. 357--378.
 
6
Kankanhalli, A., Teo, H.-H., Tan, B.C.Y., and Wei, K.-K., An integrative study of information systems security effectiveness. Int. J. Information Management, (2003). 23(2): 139--154.
 
7
Killcrece, G., Kossakowski, K.P., Ruefle, R., and Zajicek, M., Organizational models for computer security incident response teams (CSIRTS). (2003): CMU/SEI-2003-HB-001 ADA421684: http://www.sei.cmu.edu/publications/documents/03.reports/03hb001.html.
 
8
Killcrece, G., Kossakowski, K.P., Ruefle, R., and Zajicek, M., Incident Management. (2005): buildsecurityin.us-cert.gov/daisy/bsi/articles/best-practices/incident/223.html.
 
9
Knapp, K.J., Marshall, T.E., Rainer, R.K., and Ford, F.N., Managerial dimensions in information security: A theoretical model of organizational effectiveness. (2005): www.isc2.org/download/auburnstudy2005.pdf.
 
10
Andrew G. Kotulic , Jan Guynes Clark, Why there aren't more information security research studies, Information and Management, v.41 n.5, p.597-607, May 2004  [doi>10.1016/j.im.2003.08.001]
 
11
Rayford B. Vaughn, Jr. , Ronda Henning , Kevin Fox, An empirical study of industrial security-engineering practices, Journal of Systems and Software, v.61 n.3, p.225-232, April 2002  [doi>10.1016/S0164-1212(01)00150-9]
 
12
Redish, J., Expanding usability testing to evaluate complex systems. J. Of Usability Studies, (2007). 2(3): 102--111.
13
David A. Siegel , Bill Reid , Susan M. Dray, IT security: protecting organizations in spite of themselves, interactions, v.13 n.3, May + June 2006  [doi>10.1145/1125864.1125885]
14
Rodrigo Werlinger , David Botta , Konstantin Beznosov, Detecting, analyzing and responding to security incidents: a qualitative analysis, Proceedings of the 3rd symposium on Usable privacy and security, July 18-20, 2007, Pittsburgh, Pennsylvania  [doi>10.1145/1280680.1280702]
15
Rodrigo Werlinger , Kirstie Hawkey , Konstantin Beznosov, Security practitioners in context: their activities and interactions, CHI '08 extended abstracts on Human factors in computing systems, April 05-10, 2008, Florence, Italy  [doi>10.1145/1358628.1358931]

CITED BY  4
Rodrigo Werlinger , Kirstie Hawkey , Kasia Muldner , Pooya Jaferian , Konstantin Beznosov, The challenges of using an intrusion detection system: is it worth the effort?, Proceedings of the 4th symposium on Usable privacy and security, July 23-25, 2008, Pittsburgh, Pennsylvania
Pooya Jaferian , David Botta , Fahimeh Raja , Kirstie Hawkey , Konstantin Beznosov, Guidelines for designing IT security management tools, Proceedings of the 2nd ACM Symposium on Computer Human Interaction for Management of Information Technology, November 14-15, 2008, San Diego, California
Rodrigo Werlinger , Kirstie Hawkey , David Botta , Konstantin Beznosov, Security practitioners in context: Their activities and interactions with other stakeholders within organizations, International Journal of Human-Computer Studies, v.67 n.7, p.584-606, July, 2009
Rodrigo Werlinger , Kirstie Hawkey , David Botta , Konstantin Beznosov, Security practitioners in context: Their activities and interactions with other stakeholders within organizations, International Journal of Human-Computer Studies, v.67 n.7, p.584-606, July, 2009

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.3 Group and Organization Interfaces
          Subjects: Collaborative computing


General Terms:
Human Factors


Keywords:
human factors, it security, organizational factors, qualitative research, technological factors

Collaborative Colleagues:
Kirstie Hawkey: colleagues
David Botta: colleagues
Rodrigo Werlinger: colleagues
Kasia Muldner: colleagues
Andre Gagne: colleagues
Konstantin Beznosov: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player