Even Experts Deserve Usable Security: Design guidelines for security management systems
نویسندگان
چکیده
Contrary to end-users, security is a primary task for those charged with the security of system or network. Despite the importance of the task, little is known about how to effectively design interfaces for security management systems. Usability problems in these systems can lead to security vulnerabilities because administrators may miss an attack altogether or misdiagnose it. We examined four different design approaches in order to devise a preliminary set of design guidelines for security management systems.
منابع مشابه
Towards Enhanced Usability of IT Security Mechanisms - How to Design Usable IT Security Mechanisms Using the Example of Email Encryption
Nowadays, advanced security mechanisms exist to protect data, systems, and networks. Most of these mechanisms are effective, and security experts can handle them to achieve a sufficient level of security for any given system. However, most of these systems have not been designed with focus on good usability for the average end user. Today, the average end user often struggles with understanding...
متن کاملEven Hackers Deserve Usability
Penetration testing is a necessary task to prevent or mitigate network intrusion. System administrators often use various penetration testing tools to aid in testing their networks; systems administrators, however, often do not have significant security expertise. It is thus important that penetration testing tools be usable by non-security experts. Here we examine the extent to which two commo...
متن کاملUser-Centric IT Security - How to Design Usable Security Mechanisms
Nowadays, advanced security mechanisms exist to protect data, systems, and networks. Most of these mechanisms are effective, and security experts can handle them to achieve a sufficient level of security for any given system. However, most of these systems have not been designed with focus on good usability for the average end user. Today, the average end user often struggles with understanding...
متن کاملIdentifying Information Security Risk Components in Military Hospitals in Iran
Background and Aim: Information systems are always at risk of information theft, information change, and interruptions in service delivery. Therefore, the present study was conducted to develop a model for identifying information security risk in military hospitals in Iran. Methods: This study was a qualitative content analysis conducted in military hospitals in Iran in 2019. The sample consist...
متن کاملامنیت اطلاعات سامانه های تحت وب نهاد کتابخانه های عمومی کشور
Purpose: This paper aims to evaluate the security of web-based information systems of Iran Public Libraries Foundation (IPLF). Methodology: Survey method was used as a method for implementation. The tool for data collection was a questionnaire, based on the standard ISO/IEC 27002, that has the eleven indicators and 79 sub-criteria, which examines security of web-based information systems of IP...
متن کامل