Guidelines for designing IT security management tools

Jaferian, Pooya; Botta, David; Raja, Fahimeh; Hawkey, Kirstie; Beznosov, Konstantin

doi:10.1145/1477973.1477983

Cited by 31 publications

(28 citation statements)

References 46 publications

(130 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Also, one could consider additional constructs of interest to system administrators. For example, Jaferian, Botta, Raja, Hawkey, & Beznosov (2008) identify design guidelines that span general usability, technical complexity (such as providing for task prioritization and multiple levels of information abstraction), organizational complexity (such as providing for archiving and supporting collaboration), and task-specific guidelines (such as providing support for rehearsing and meaningful errors). Ross, Weill, and Robertson (2006) identify different organizational operating models that leverage enterprise architecture for organizational strategy; these models include varying levels of business process integration and standardization, which can be reflected in the information systems employed.…”

Section: Limitationsmentioning

confidence: 99%

The Integrated User Satisfaction Model: Assessing Information Quality and System Quality as Second-Order Constructs in System Administration

Forsgren¹,

Durcikova²,

Clay³

et al. 2016

CAIS

View full text Add to dashboard Cite

Abstract:While many studies have investigated the relationship between information systems (IS) characteristics and IS use, the results have been inconsistent. We argue that this inconsistency may be due to the modeling of information and system quality and the importance of the system usage context. We extend Wixom and Todd's (2005) integrated model of IS satisfaction by proposing and modeling information and system quality as second-order constructs and by testing the model in the system administration context. Our findings provide support for modeling information and system quality as second-order constructs in the integrated model. Furthermore, our findings support using additional constructs, unique to the context studied, in the integrated model. We contribute to current literature by 1) enhancing the construct validity of information and system quality, which ultimately improves statistical conclusion validity and internal validity for studies that focus on information and system quality; and 2) testing the extended model in the system administration context. Our findings suggest that future research should measure information quality and system quality as second-order constructs and that including context-specific information and system characteristics provides researchers and practitioners with a better understanding of IS characteristics important in system administration.

show abstract

Section: Limitationsmentioning

confidence: 99%

The Integrated User Satisfaction Model: Assessing Information Quality and System Quality as Second-Order Constructs in System Administration

Forsgren¹,

Durcikova²,

Clay³

et al. 2016

CAIS

View full text Add to dashboard Cite

show abstract

“…There is also a body of work which seeks to improve communications between systems and security administrators of an organisation on the current risks from a cyberattack. From the academic perspective, Jaferian and colleagues [69,70] have researched this topic in depth and defined design guidelines for IT security-management tools and heuristics for their evaluation. In terms of security communications in particular, the authors posit that designers should use a range of different presentation/interaction methods to display information, meaningful messages should be used, and interfaces and alerts should be appropriate for and customisable by users [69].…”

Section: B Decision-making On Security Risksmentioning

confidence: 99%

“…From the academic perspective, Jaferian and colleagues [69,70] have researched this topic in depth and defined design guidelines for IT security-management tools and heuristics for their evaluation. In terms of security communications in particular, the authors posit that designers should use a range of different presentation/interaction methods to display information, meaningful messages should be used, and interfaces and alerts should be appropriate for and customisable by users [69]. Other work targeted towards security managers/administrators such as [71,72] exists, but proposed guidelines do not readily extend to the security-risk communication aspects of interest.…”

Section: B Decision-making On Security Risksmentioning

confidence: 99%

“…Existing work already cited has a few of these guidelines in terms of risk communication and generally usable security. For example, keeping communications simple and minimalistic [67], assisting users in seeing the consequences of decisions [7], and engaging in some level of customisation of securityrisk information to specific target audiences [69]. Our future work therefore will seek to determine how useful these proposed recommendations may actually be.…”

Section: Recommendations For Improving Communication Of Cybersecurmentioning

confidence: 99%

See 1 more Smart Citation

Trustworthy and effective communication of cybersecurity risks: A review

Nurse

Creese

Goldsmith

et al. 2011

2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)

View full text Add to dashboard Cite

Abstract-Slowly but surely, academia and industry are fully accepting the importance of the human element as it pertains to achieving security and trust. Undoubtedly, one of the main motivations for this is the increase in attacks (e.g., social engineering and phishing) which exploit humans and exemplify why many authors regard them as the weakest link in the security chain. As research in the socio-technical security and trust fields gains momentum, it is crucial to intermittently pause and reflect on their progress while also considering related domains to determine whether there are any established principles which may be transferred. Comparison of the states-of-the-arts may assist in planning work going forward and identifying useful future directions for the less mature socio-technical field. This paper seeks to fulfil several of these goals, particularly as they relate to the emerging cybersecurity-risk communication domain. The literature reviews which we conduct here are beneficial and indeed noteworthy as they pull together a number of the key aspects which may affect the trustworthiness and effectiveness of communications on cybersecurity risks. In particular, we draw on information-trustworthiness research and the established field of risk communication. An appreciation of these aspects and precepts is imperative if systems are to be designed that play to individuals' strengths and assist them in maintaining security and protecting their applications and information.

show abstract

“…Therefore, in order to evaluate the IdM systems, we adapted Nielsen's heuristics by selecting the ones that are relevant with respect to the ITSM context. We changed the focus of the selected heuristics to address complexity and stakeholder diversity in ITSM based on the guidelines for user-center design of ITSM tools [7]. To address the dimension of cooperation, these are then combined with Gutwin and Greenberg's [5] framework to articulate the mechanics of collaboration.…”

Section: Evaluation Of Identity Manage-ment Systemsmentioning

confidence: 99%