Identifying Differences Between Security and Other IT Professionals: a...
We report factors differentiating security and other IT responsibilities. Our findings are based on a qualitative analysis of data from 27 interviews across 11 distinct organizations. The results show...
View ArticleCooperative Secondary Authorization Recycling
As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures---based predominantly on the request-response...
View ArticleHuman, Organizational and Technological Challenges of Implementing IT...
Our qualitative research provides a comprehensive list of challenges to the practice of IT security within organizations, including the interplay between human, organizational, and technical factors....
View ArticleThe Challenges of Using an Intrusion Detection System: Is It Worth the Effort?
An intrusion detection system (IDS) can be a key component of security incident response within organizations. Traditionally, intrusion detection research has focused on improving the accuracy of IDSs,...
View ArticleResponding to security incidents: are security tools everything you need?
Presentation given at FIRST'08 conference.
View ArticleToward Understanding the Workplace of IT Security Practitioners
Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after...
View ArticleSearching for the Right Fit: Balancing IT Security Management Model Trade-Offs
IT security professionals’ effectiveness in an organization is influenced not only by how usable their security management tools are but also by how well the organization’s security management model...
View ArticleManagement of IT Security in Organizations: What Makes It Hard?
Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after...
View ArticleCooperative Secondary Authorization Recycling
As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are...
View ArticleChallenges, Collaborative Interactions, and Diagnosis Performed by IT...
This thesis investigates four different aspects of information security management: challenges faced by security practitioners, interactive collaborations among security practitioners and other...
View ArticleGuidelines for Designing IT Security Management Tools
An important factor that impacts the effectiveness of security systems within an organization is the usability of security management tools. In this paper, we present a survey of design guidelines for...
View ArticleOn the Imbalance of the Security Problem Space and its Expected Consequences
Purpose – This paper aims to report on the results of an analysis of the computer security problem space, to suggest the areas with highest potential for making progress in the attacker-defender game,...
View ArticleAuthorization Using the Publish-Subscribe Model
Traditional authorization mechanisms based on the request-response model are generally supported by point-to-point communication between applications and authorization servers. As distributed...
View ArticleCreation and Evaluation of SQL Injection Security Tools
This work summarizes our research on the topic of the creation and evaluation of security tools against SQL injection attacks (SQLIAs). We introduce briefly the key concepts and problems of information...
View ArticleAuxiliary Material for the Study of Security Practitioners in Context: Their...
This technical report contains additional material for the study, which investigated the context of interactions of IT security practitioners.
View ArticleTowards Improving Mental Models of Personal Firewall Users
Windows Vista’s personal firewall provides its diverse users with a basic interface that hides many operational details. However, our study of this interface revealed that concealing the impact of...
View ArticleMobile Applications for Public Sector: Balancing Usability and Security
Development of mobile software applications for use in specific domains such as Public Security must conform to stringent security requirements. While mobile devices have many known limitations,...
View ArticleUsability Study of Windows Vista’s Firewall
Windows Vista is shipped with a built-in personal firewall. The firewall has lots of new features over its predecessor, XP’s firewall. But, previous studies showed that Vista’s firewall have a set of...
View ArticleUsability of Windows Vista Firewall: A Laboratory User Study
In this project we conducted a user study of Microsoft Windows Vista Firewall: a lab study followed by a questionnaire to evaluate the usability of Vista’s personal firewall. Our results show that the...
View ArticleA Usability Analysis of Microsoft Windows Vista’s Firewall
The usability of personal firewalls has not received a significant amount of attention in the literature. However, it is essential that these firewalls - which are used by the lay end-user to protect...
View ArticleSecurity Practitioners in Context: Their Activities and Interactions with...
This study investigates the context of interactions of IT security practitioners, based on a qualitative analysis of 30 interviews and participatory observation. We identify nine different activities...
View ArticleAn integrated view of human, organizational, and technological challenges of...
Abstract Purpose – The purpose of this study is to determine the main challenges that IT security practitioners face in their organizations, including the interplay among human, organizational, and...
View ArticleSQLPrevent: Effective Dynamic Protection Against SQL Injection Attacks
This paper presents an approach for retrofitting existing web applications with run-time protection against known as well as unseen SQL injection attacks (SQLIAs). This approach (1) is resistant to...
View ArticleUsability Meets Access Control: Challenges and Research Opportunities
This panel discusses specific challenges in the usability of access control technologies and new opportunities for research. The questions vary from “Why nobody, even experts, uses access control lists...
View ArticleRevealing Hidden Context: Improving Mental Models of Personal Firewall Users
The Windows Vista personal firewall provides its diverse users with a basic interface that hides many operational details. However, concealing the impact of network context on the security state of...
View Article
