Original Articles

Heuristics for Evaluating IT Security Management Tools


REFERENCES

  • Baker, K., Greenberg, S., & Gutwin, C. (2002). Empirical development of a heuristic evaluation methodology for shared workspace groupware. In Proceedings of the CSCW 2002 Conference on Computer Supported Cooperative Work (pp. 96–105). New York: ACM.
  • Barrett, R., Maglio, P. P., Kandogan, E., & Bailey, J. (2005). Usable autonomic computing systems: The system administrators' perspective. Advanced Engineering Informatics, 19, 213–221.
  • Barrett, R., Prabaker, M., & Takayama, L. (2004). Field studies of computer system administrators: Analysis of system management tools and practices. Proceedings of the CSCW 2004 Conference on Computer Supported Cooperative Work. New York: ACM.
  • Bauer, L., Cranor, L. F., Reeder, R. W., Reiter, M. K., & Vaniea, K. (2009). Real life challenges in access-control management. Proceedings of the CHI 2009 Conference on Human Factors in Computing Systems. New York, NY: ACM.
  • Beal, B. (2005). IT security: The product vendor landscape. Network Security, 2005(5), 9–10.
  • Botta, D., Muldner, K., Hawkey, K., & Beznosov, K. (2011). Toward understanding distributed cognition in IT security management: The role of cues and norms. Cognition, Technology, & Work, 13, 121–134.
  • Botta, D., Werlinger, R., Gagné, A., Beznosov, K., Iverson, L., Fels, S., & Fisher, B. (2007). Towards understanding IT security professionals and their tools. Proceedings of the Third Symposium on Usable Privacy and Security (SOUPS). New York: ACM.
  • Carroll, J. M., Neale, D. C., Isenhour, P. L., Rosson, M. B., & McCrickard, D. S. (2003). Notification and awareness: synchronizing task-oriented collaborative activity. International Journal of Human–Computer Studies, 58, 605–632.
  • Carroll, J. M., & Rosson, M. B. (1992). Getting around the task-artifact cycle: How to make claims and design by scenario. ACM Transactions on Information Systems, 10, 181–212.
  • Charmaz, K. (2006). Constructing grounded theory. Thousand Oaks, CA: Sage.
  • Chiasson, S., van Oorschot, P. C., & Biddle, R. (2007). Even experts deserve usable security: Design guidelines for security management systems. SOUPS Workshop on Usable IT Security Management. New York: ACM.
  • Dourish, P. (2001). Seeking a foundation for context-aware computing. Human–Computer Interaction, 16, 229–241.
  • Dourish, P., & Redmiles, D. (2002). An approach to usable security based on event monitoring and visualization. NSPW 2002 Proceedings of the 2002 workshop on new security paradigms. New York: ACM.
  • Engeström, Y. (1999). Activity theory and individual and social transformation. Perspectives on Activity Theory, pp. 19–38.
  • Engeström, Y. (2001). Expansive learning at work: Toward an activity theoretical reconceptualization. Journal of Education and Work, 14, 133–156.
  • Erickson, T., & Kellogg, W. A. (2000). Social translucence: An approach to designing systems that support social processes. ACM Transactions on Computer–Human Interaction, 7, 59–83.
  • Gagné, A., Muldner, K., & Beznosov, K. (2008). Identifying differences between security and other IT professionals: A qualitative analysis. HAISA 2008 Conference on Human Aspects of Information Security and Assurance. Plymouth, England: University of Plymouth.
  • Goodall, J. R., Lutters, W. G., & Komlodi, A. (2004). I know my network: Collaboration and expertise in intrusion detection. Proceedings of the CSCW 2004 Conference on Computer Supported Cooperative Work. New York: ACM.
  • Grance, T., Stevens, M., & Myers, M. (2003). NIST Special Publication 800-36, Guide to selecting information technology security products. Gaithersburg, MD: National Institute of Standards and Technology.
  • Greenberg, S., Fitzpatrick, G., Gutwin, C., & Kaplan, S. (2000). Adapting the locales framework for heuristic evaluation of groupware. Australian Journal of Information Systems, 7, 102–108.
  • Haber, E. M., & Bailey, J. (2007). Design guidelines for system administration tools developed through ethnographic field studies. CHIMIT 2007: Proceedings of the 2007 symposium on Computer human interaction for the management of information technology. New York: ACM.
  • Hartson, H. R., Andre, T. S., & Williges, R. C. (2001). Criteria for evaluating usability evaluation methods. International Journal of Human–Computer Interaction, 13, 373–410.
  • Hollan, J., Hutchins, E., & Kirsh, D. (2000). Distributed cognition: toward a new foundation for human-computer interaction research. ACM Transactions on Computer–Human Interaction, 7, 174–196.
  • Jaferian, P., Botta, D., Hawkey, K., & Beznosov, K. (2009). A case study of enterprise identity management system adoption in an insurance organization. Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology. New York: ACM.
  • Jaferian, P., Botta, D., Raja, F., Hawkey, K., & Beznosov, K. (2008). Guidelines for designing IT security management tools. Proceedings of the 2nd CHI Conference on Computer Human Interaction for Management of Information Technology. New York: ACM.
  • Jeffries, R., Miller, J. R., Wharton, C., & Uyeda, K. (1991). User interface evaluation in the real world: a comparison of four techniques. Proceedings of the CHI 1991 Conference on Human Factors in Computer Systems. New York: ACM.
  • Kandogan, E., & Haber, E. M. (2005). Security administration tools and practices. In L. F. Cranor & S. Garfinkel (Eds.), Security and usability: Designing secure systems that people can use (pp. 357–378). Sebastopol, CA: O'Reilly Media.
  • Kaptelinin, V., & Nardi, B. (2006). Acting with technology: Activity theory and interaction design. Cambridge, MA: MIT Press.
  • Kaptelinin, V., Nardi, B., Bodker, S., Carroll, J., Hollan, J., Hutchins, E., & Winograd, T. (2003). Post-cognitivist HCI: Second-wave theories. Proceedings of the CHI 2003 Conference on Human Factors in Computer Systems. New York: ACM.
  • Kesh, S., & Ratnasingam, P. (2007). A knowledge architecture for IT security. Communications of the ACM, 50, 103–108.
  • Kotulic, A. G., & Clark, J. G. (2004). Why there aren't more information security research studies. Information & Management, 41, 597–607.
  • Kraemer, S., & Carayon, P. (2007). Human errors and violations in computer and information security: The viewpoint of network administrators and security specialists. Applied Ergonomics, 38, 143–154.
  • Kuutti, K. (1995). Activity theory as a potential framework for human-computer interaction research (pp. 17–44). Cambridge, MA: MIT Press.
  • Leont'ev, A. (1974). The problem of activity in psychology. Journal of Russian and East European Psychology, 13(2), 4–33.
  • Maglio, P. P., Kandogan, E., & Haber, E. (2003). Distributed cognition and joint activity in collaborative problem solving. Proceedings of the Twenty-fifth Annual Conference of the Cognitive Science Society. New York: ACM.
  • Mankoff, J., Dey, A. K., Hsieh, G., Kientz, J., Lederer, S., & Ames, M. (2003). Heuristic evaluation of ambient displays. Proceedings of the CHI 2003 Conference on Human Factors in Computer Systems. New York: ACM.
  • McGann, S., & Sicker, D. C. (2005). An analysis of security threats and tools in SIP-Based VoIP Systems. In 2nd VoIP Security Workshop (pp. 1–8). Washington DC, USA.
  • Muller, M. J., & McClard, A. (1995). Validating an extension to participatory heuristic evaluation: quality of work and quality of work life. Proceedings of the CHI 1995 Conference on Human Factors in Computer Systems. New York: ACM.
  • Nardi, B. A. (Ed.). (1995). Context and consciousness: Activity theory and human-computer interaction. Cambridge, MA: MIT Press.
  • Neale, D. C., Carroll, J. M., & Rosson, M. B. (2004). Evaluating computer-supported cooperative work: Models and frameworks. Proceedings of the CSCW 2004 Conference on Computer Supported Cooperative Work. New York: ACM.
  • Nielsen, J. (1992). Finding usability problems through heuristic evaluation. Proceedings of the CHI 1992 Conference on Human Factors in Computer Systems. New York: ACM.
  • Nielsen, J. (1993). Usability Engineering. Boston, MA: Academic Press.
  • Nielsen, J. (1994). Enhancing the explanatory power of usability heuristics. Proceedings of the CHI 1994 Conference on Human Factors in Computing Systems. New York: ACM.
  • Nielsen, J. (2005). Severity ratings for usability problems. Retrieved from http://www.useit.com/papers/heuristic/severityrating.html
  • Nielsen, J., & Molich, R. (1990). Heuristic evaluation of user interfaces. Proceedings of the CHI 1990 Conference on Human Factors in Computer Systems. New York: ACM.
  • Norman, D. A. (1991). Cognitive artifacts. Designing Interaction: Psychology at the Human-Computer Interface, pp. 17–38.
  • Norman, D. A., & Draper, S. W. (Eds.). (1986). User centered system design: New perspectives on human-computer interaction (pp. 31–61). Hillsdale, NJ: Erlbaum.
  • Olson, G. M., & Moran, T. P. (1998). Commentary on “Damaged Merchandise?” Human–Computer Interaction, 13, 263–323.
  • Penn, J. (2009). Market overview: IT security in 2009. Cambridge, MA: Forrester Research.
  • Pinelle, D., Wong, N., & Stach, T. (2008). Heuristic evaluation for games: Usability principles for video game design. Proceedings of the CHI 2008 Conference on Human Factors in Computer Systems. New York: ACM.
  • Rabardel, P., & Bourmaud, G. (2003). From computer to instrument system: A developmental perspective. Interacting with Computers, 15, 665–691.
  • Rogers, Y. (1992). Ghosts in the network: Distributed troubleshooting in a shared working environment. Proceedings of the CSCW 1992 Conference on Computer Supported Cooperative Work. New York: ACM.
  • Rosson, M. B., & Carroll, J. M. (2002). Usability engineering: Scenario-based development of human-computer interaction. San Francisco, CA: Morgan Kaufmann.
  • Sarbanes, P. (2002). Sarbanes-Oxley Act of 2002. In The Public Company Accounting Reform and Investor Protection Act. Washington, DC: US Congress.
  • Scholtz, J., & Consolvo, S. (2004). Toward a framework for evaluating ubiquitous computing applications. Pervasive Computing, IEEE, 3, 82–88.
  • Shneiderman, B. (1997). Designing the user interface: Strategies for effective human-computer interaction. Boston, MA: Addison-Wesley Longman.
  • Shneiderman, B. (2000). Creating creativity: User interfaces for supporting innovation. ACM Transactions on Computer–Human Interaction, 7, 114–138.
  • Siegel, D. A., Reid, B., & Dray, S. M. (2006). IT security: Protecting organizations in spite of themselves. Interactions, pp. 20–27.
  • Somervell, J. (2004). Developing heuristic evaluation methods for large screen information exhibits based on critical parameters (Unpublished PhD dissertation). Virginia Polytechnic Institute and State University, Blacksburg.
  • Sutcliffe, A., & Gault, B. (2004). Heuristic evaluation of virtual reality applications. Interacting with Computers, 16, 831–849.
  • Te'eni, D., Carey, J., & Zhang, P. (2007). Human–computer interaction: Developing effective organizational information systems. New York, NY: Wiley.
  • Thompson, R. S., Rantanen, E. M., Yurcik, W., & Bailey, B. P. (2007). Command line or pretty lines?: Comparing textual and visual interfaces for intrusion detection. Proceedings of the CHI 2007 Conference on Human Factors in Computer Systems. New York: ACM.
  • Velasquez, N. F., & Durcikova, A. (2008). Sysadmins and the need for verification information. CHiMiT 2008: Proceedings of the 2nd ACM Symposium on Computer Human Interaction for Management of Information Technology. New York: ACM.
  • Velasquez, N. F., & Weisband, S. P. (2008). Work practices of system administrators: Implications for tool design. CHiMiT 2008: Proceedings of the 2nd ACM Symposium on Computer Human Interaction for Management of Information Technology. New York: ACM.
  • Vicente, K. J. (2000). HCI in the global knowledge-based economy: Designing to support worker adaptation. ACM Transactions on Computer–Human Interaction, 7, 263–280.
  • Vredenburg, K., Mao, J.-Y., Smith, P. W., & Carey, T. (2002). A survey of user-centered design practice. Proceedings of the CHI 2002 Conference on Human Factors in Computer Systems. New York: ACM.
  • Werlinger, R., Hawkey, K., & Beznosov, K. (2009). An integrated view of human, organizational, and technological challenges of IT security management. Journal of Information Management & Computer Security, 17, 4–19.
  • Werlinger, R., Hawkey, K., Botta, D., & Beznosov, K. (2009). Security practitioners in context: Their activities and interactions with other stakeholders within organizations. International Journal of Human-Computer Studies, 67, 584–606.
  • Werlinger, R., Hawkey, K., Muldner, K., & Beznosov, K. (2009). Towards understanding diagnostic work during the detection and investigation of security incidents. Proceedings of HAISA: Human Aspects of Information Security and Assurance. Athens, Greece.
  • Werlinger, R., Hawkey, K., Muldner, K., Jaferian, P., & Beznosov, K. (2008). The challenges of using an intrusion detection system: Is it worth the effort? Proceedings of the 4th Symposium On Usable Privacy and Security (SOUPS). New York, NY: ACM.
  • Zager, D. (2002). Collaboration as an activity coordinating with pseudo-collective objects. Computer Supported Cooperative Work (CSCW), 11, 181–204.
  • Zhang, J., Johnson, T. R., Patel, V. L., Paige, D. L., & Kubose, T. (2003). Using usability heuristics to evaluate patient safety of medical devices. Journal of Biomedical Informatics, 36, 23–30.
  • Zhou, A. T., Blustein, J., & Zincir-Heywood, N. (2004). Improving intrusion detection systems through heuristic evaluation. IEEE Canadian Conference on Electrical and Computer Engineering. Piscataway, NJ: IEEE.
