Design guidelines for IT security management tools
Authors
Abstract
Security tools are one of the most important factors affecting the usability of security systems within an organization. In this paper, we report preliminary results of our survey of design guidelines for IT security management tools. We gathered guidelines and recommendations related to IT security management tools from the available literature as well as from the results of our previous studies on IT security management. We categorized and combined these guidelines into a set of high-level guidelines that tool developers can use when developing tools. In addition, we identified the relationship between the guidelines and the challenges in IT security management, as well as the strength of evidence for each guideline.
Similar resources
Even Experts Deserve Usable Security: Design guidelines for security management systems
Contrary to end-users, security is a primary task for those charged with the security of system or network. Despite the importance of the task, little is known about how to effectively design interfaces for security management systems. Usability problems in these systems can lead to security vulnerabilities because administrators may miss an attack altogether or misdiagnose it. We examined four...
SD Elements: A Tool for Secure Application Development Management
A major problem in achieving security goals in application development is the overwhelming amount of security-related information, variety of tools, and numerous security risks and vulnerabilities. Software analysts, developers, and testers are not often able to identify relevant security knowledge. Many security tools focus only on detecting vulnerabilities, but the embedded available security...
IT Security Governance: A Framework based on ISO 38500
ISO 38500 is an international standard for IT governance. The guidelines of ISO 38500 can also be applied at the IT security functional level in order to guide the governance of IT security. This paper proposes the use of a strategic information security management (ISM) framework to implement guidelines of ISO 38500. This approach provides several strategic advantages to the organization by 1)...
Exploring the Type of Relationship between Information Security Management and Organizational Culture (Case Study in TAM Iran Khodro Co.)
A culture conducive to information security practice is extremely important for organizations since information has to be critical assets in modern enterprises. Thus for understanding and improving the organizational behavior with regard to information security, enterprises may look into organizational culture and examine how it affects the effectiveness of implementing ISM. This study aims ...
Journal title:
Volume, issue:
Pages: -
Publication date: 2008