More Web Proxy on the site http://driver.im/

Article

Towards understanding IT security professionals and their tools

Authors:

Rodrigo Werlinger,

Konstantin Beznosov,

Brian FisherAuthors Info & Claims

SOUPS '07: Proceedings of the 3rd symposium on Usable privacy and security

Pages 100 - 111

https://doi.org/10.1145/1280680.1280693

Published: 18 July 2007 Publication History

Abstract

We report preliminary results of our ongoing field study of IT professionals who are involved in security management. We interviewed a dozen practitioners from five organizations to understand their workplace and tools. We analyzed the interviews using a variation of Grounded Theory and predesigned themes. Our results suggest that the job of IT security management is distributed across multiple employees, often affiliated with different organizational units or groups within a unit and responsible for different aspects of it. The workplace of our participants can be characterized by their responsibilities, goals, tasks, and skills. Three skills stand out as significant in the IT security management workplace: inferential analysis, pattern recognition, and bricolage.

References

[1]

Argus intrusion detection and prevention. http://www.qosient.com/argus/, February 2007.

[2]

R. Barrett, E. Haber, E. Kandogan, P. Maglio, M. Prabaker, and L. Takayama. Field studies of computer system administrators: Analysis of system management tools and practices. In Proceedings of the Conference on Computer Supported Collaborative Work, 2004.

Digital Library

[3]

A. Bartels, B. J. Holmes, and H. Lo. Global IT spending and investment forecast, 2006 to 2007. Forrester Research, 2006.

[4]

F. J. Börck. Discovering Information Security Management. Doctoral thesis, Stockholm University, Royal Institute of Technology, 2005.

[5]

S. Bodker. Human activity and human-computer interaction. In S. Bodker, editor, Through the Interface: A Human Activity Approach to User Interface Design, pages 18--56. Lawrence Erlbaum Associates, Publishers, Hillsdale, NJ, 1991.

[6]

H. H. Clark. Using Language. Cambridge University Press, Cambridge, England, 1996.

[7]

H. H. Clark and M. F. Schober. Asking questions and influencing answers. In J. M. Tanur, editor, Questions about questions: Inquiries into the cognitive bases of surveys. Russell Sage, New York, NY, 1992.

[8]

M. Elliott and R. Kling. Organizational usability of digital libraries: Case study of legal research in civil and criminal courts. American Society for Information Science, 4(11):1023--1035, 1997.

Digital Library

[9]

G. Fischer and E. Scharff. Meta-design: design for designers. In Proceedings of the Conference on Designing Interactive Systems (DIS), pages 396--405, New York, NY, USA, 2000. ACM Press.

Digital Library

[10]

B. Glaser and A. L. Strauss. The Discovery of Grounded Theory, Strategies for Qualitative Research. Aldine Publishing Company, Chicago, Illinois, 1967.

[11]

U. Holmstrom. User-centered design of secure software. In the 17th Symposium on Human Factors in Telecommunications, Denmark, 1999.

[12]

E. Hutchins. Cognition in the Wild. MIT Press, Cambridge, MA, 1995.

[13]

Internet relay chat (irc) help archive. http://www.irchelp.org/, February 2007.

[14]

E. Kandogan and E. M. Haber. Security administration tools and practices. In L. F. Cranor and S. Garfinkel, editors, Security and Usability: Designing Secure Systems that People Can Use, chapter 18, pages 357--378. O'Reilly Media, Inc., Sebastapol, 2005.

[15]

K. Kark, C. McClean, L. Koetzle, J. Penn, and S. Bernhardt. 2007 security budgets increase: The transition to information risk management begins. Forrester Research, 2007.

[16]

P. P. Maglio, E. Kandogan, and E. Haber. Distributed cognition and joint activity in collaborative problem solving. In Proceedings of the Twenty-fifth Annual Conference of the Cognitive Science Society, 2003.

[17]

T. Malone, K. Lai, and K. Grant. Two design principles for collaboration technology: Examples of semiformal systems and radical tailorability. Coordination Theory and Collaboration Technology, pages 125--160, 2001.

[18]

Merriam-Webster. Merriam-webster's collegiate dictionary, 1994.

[19]

Nessus security scanner. http://www.nessus.org/, February 2007.

[20]

J. Nielsen. Usability Engineering. Morgan Kaufmann, San Francisco, 1994.

Digital Library

[21]

Idea works: Qualrus software. http://www.ideaworks.com/qualrus/index.html, February 2007.

[22]

K. J. Vicente. Cognitive Work Analysis: Toward Safe, Productive, and Healthy Computer-Based Work. Mahwah, NJ: Lawrence Erlbaum Associates, Publishers, 1999.

Digital Library

[23]

A. Wool. A quantitative study of firewall configuration errors. Computer, 37(6):62--67, 2004.

Digital Library

[24]

R. Yin. Case study research: Design and methods (2nd ed.). Sage Publishing, Beverly Hills, CA, 1994.

[25]

M. Zurko, R. Simon, and T. Sanfilippo. A user-centered, modular authorization service built on an RBAC foundation. In IEEE Symposium on Security and Privacy, pages 57--71, Oakland, CA, USA, 1999.

[26]

M. E. Zurko and R. T. Simon. User-centered security. In New Security Paradigms Workshop, pages 27--33, Lake Arrowhead, California, 1996. ACM Press.

Digital Library

Cited By

Saeed M(2024)Comparing the influence of cybersecurity knowledge on attack detection: insights from experts and novice cybersecurity professionalsOpen Computer Science10.1515/comp-2024-001614:1Online publication date: 1-Nov-2024
https://doi.org/10.1515/comp-2024-0016
Sammak RRotthaler ARamulu HWermke DAcar YTorres-Arias SDe Carli LZhang Y(2024)Developers' Approaches to Software Supply Chain Security: An Interview StudyProceedings of the 2024 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses10.1145/3689944.3696160(56-66)Online publication date: 19-Nov-2024
https://dl.acm.org/doi/10.1145/3689944.3696160
Gallardo AErbes RLe Blanc KBauer LCranor L(2024)Interdisciplinary Approaches to Cybervulnerability Impact Assessment for Energy Critical InfrastructureProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642493(1-24)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642493
Show More Cited By

Index Terms

Towards understanding IT security professionals and their tools

Recommendations

Understanding career commitment of IT professionals: Perspectives of push-pull-mooring framework and investment model

Using push-pull-mooring framework and investment model as theoretical lenses, this study provides a compelling theoretical model that helps understand the important antecedents of career commitment of IT professionals. Especially, we examined the ...
The Role of Extra-Role Behaviors and Social Controls in Information Security Policy Effectiveness

Although most behavioral security studies focus on organizational in-role behaviors such as information security policy ISP compliance, the role of organizational extra-role behaviors-security behaviors that benefit organizations but are not specified ...
IT Professionals: An Iberian Snapshot

Nowadays, Universities and other Training Institutions need to clearly identify the Information Technology IT skills that companies demand from IT practitioners. This is essential not only for offering appropriate and reliable university degrees, but ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

SOUPS '07: Proceedings of the 3rd symposium on Usable privacy and security

July 2007

188 pages

ISBN:9781595938015

DOI:10.1145/1280680

General Chair:
Lorrie Faith Cranor
Carnegie Mellon University

Copyright © 2007 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

CyLab

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 July 2007

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

SOUPS '07

Sponsor:

SOUPS '07: The third Symposium on Usable Privacy and Security

July 18 - 20, 2007

Pennsylvania, Pittsburgh, USA

Acceptance Rates

Overall Acceptance Rate 15 of 49 submissions, 31%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

86
Total Citations
View Citations
2,063
Total Downloads

Downloads (Last 12 months)101
Downloads (Last 6 weeks)15

Reflects downloads up to 19 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Saeed M(2024)Comparing the influence of cybersecurity knowledge on attack detection: insights from experts and novice cybersecurity professionalsOpen Computer Science10.1515/comp-2024-001614:1Online publication date: 1-Nov-2024
https://doi.org/10.1515/comp-2024-0016
Sammak RRotthaler ARamulu HWermke DAcar YTorres-Arias SDe Carli LZhang Y(2024)Developers' Approaches to Software Supply Chain Security: An Interview StudyProceedings of the 2024 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses10.1145/3689944.3696160(56-66)Online publication date: 19-Nov-2024
https://dl.acm.org/doi/10.1145/3689944.3696160
Gallardo AErbes RLe Blanc KBauer LCranor L(2024)Interdisciplinary Approaches to Cybervulnerability Impact Assessment for Energy Critical InfrastructureProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642493(1-24)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642493
DeValk KElmqvist N(2023)Riverside: A design study on visualization for situation awareness in cybersecurityInformation Visualization10.1177/1473871623118922023:1(40-66)Online publication date: 17-Aug-2023
https://doi.org/10.1177/14738716231189220
Soroko DSavino GGray NSchöning J(2023)Social Transparency in Network Monitoring and Security SystemsProceedings of the 22nd International Conference on Mobile and Ubiquitous Multimedia10.1145/3626705.3627773(37-53)Online publication date: 3-Dec-2023
https://dl.acm.org/doi/10.1145/3626705.3627773
Gutfleisch MSchöps MHorstmann SWichmann DSasse M(2023)Security Champions Without Support: Results from a Case Study with OWASP SAMM in a Large-Scale E-Commerce EnterpriseProceedings of the 2023 European Symposium on Usable Security10.1145/3617072.3617115(260-276)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3617072.3617115
Desai STwidale M(2023)Metaphors in Voice User Interfaces: A Slippery FishACM Transactions on Computer-Human Interaction10.1145/360932630:6(1-37)Online publication date: 25-Sep-2023
https://dl.acm.org/doi/10.1145/3609326
Mohd Kassim SLi SArief B(2023)Understanding How National CSIRTs Evaluate Cyber Incident Response Tools and Data: Findings from Focus Group DiscussionsDigital Threats: Research and Practice10.1145/36092304:3(1-24)Online publication date: 6-Oct-2023
https://dl.acm.org/doi/10.1145/3609230
Song JWan SHuang MLiu JSun LLi Q(2023)Toward Automatically Connecting IoT Devices with Vulnerabilities in the WildACM Transactions on Sensor Networks10.1145/360895120:1(1-26)Online publication date: 17-Jul-2023
https://dl.acm.org/doi/10.1145/3608951
Nurgalieva LFrik ADoherty G(2023)A Narrative Review of Factors Affecting the Implementation of Privacy and Security Practices in Software DevelopmentACM Computing Surveys10.1145/358995155:14s(1-27)Online publication date: 4-Apr-2023
https://dl.acm.org/doi/10.1145/3589951
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents