Quantcast
Channel: Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)
Browsing latest articles
Browse All 26 View Live

Summary of the HOT Admin Proposal

View Article



Usable Security: Quo Vadis?

The presentation discusses the current state of HCISec and challanges for future research.

View Article

Studying IT Security Professionals: Research Design and Lessons Learned

The HOT Admin Field Study used qualitative methods to study information technology security administrators. Both the nature of the field and the difficulty of gaining access to subjects had...

View Article

On the Imbalance of the Security Problem Space and its Expected Consequences

This paper considers the attacker-defender game in the field of computer security as a three-dimensional phenomenon. The decomposition of the problem space into technological, human, and social factors...

View Article

Towards Understanding IT Security Professionals and Their Tools

We report preliminary results of our ongoing field study of IT professionals who are involved in security management. We interviewed a dozen practitioners from five organizations to understand their...

View Article


Understanding IT Security Administration through a Field Study

The security administration of large organizations is exceptionally challenging due to the increasingly large numbers of application instances, resources, and users; the growing complexity and dynamics...

View Article

Towards Understanding IT Security Professionals and Their Tools

It is estimated that organizations worldwide will spend around $100 Billion USD on IT Security in 2007. A notable size of this will be spent on tools but little is known how effective IT security...

View Article

A Study of Security Administration Errors

Security administrators prevent security breaches against their infrastructure by using their tools to implement the security policy. This paper deals with security administration errors that were...

View Article


On the Imbalance of the Security Problem Space and its Expected Consequences

This paper considers the attacker-defender game in the field of computer security as a three-dimensional phenomenon. The decomposition of the problem space into technological, human, and social factors...

View Article


Searching for the Right Fit: A Case Study of IT Security Management Model...

The usability of security systems within an organization is impacted not only by tool interfaces but also by the security management model (SMM) of the IT security team. Finding the right SMM is...

View Article

Security Practitioners in Context: Their Activities and Interactions

This study develops the context of interactions of IT security practitioners. Preliminary qualitative analysis of 22 interviews (to date) and participatory observation has identified eight different...

View Article

Security Practitioners in Context: Their Activities and Collaborative...

This study develops the context of interactions of IT security practitioners. Preliminary qualitative analysis of 22 interviews (to date) and participatory observation has identified eight different...

View Article

HOT Admin Research Project: Overview and Results to Date

Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after...

View Article


A Broad Empirical Study of IT Security Practioners

Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after...

View Article

The Challenges of Using an Intrusion Detection System: Is It Worth the Effort?

An intrusion detection system (IDS) can be a key component of security incident response within organizations. Traditionally, intrusion detection research has focused on improving the accuracy of IDSs,...

View Article


Toward Understanding the Workplace of IT Security Practitioners

Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after...

View Article

Management of IT Security in Organizations: What Makes It Hard?

Security of information technology (IT) has become a critical issue for organizations as they must protect their information assets from unauthorized access and quickly resume business activities after...

View Article


Towards Improving Mental Models of Personal Firewall Users

Windows Vista’s personal firewall provides its diverse users with a basic interface that hides many operational details. However, our study of this interface revealed that concealing the impact of...

View Article

Mobile Applications for Public Sector: Balancing Usability and Security

Development of mobile software applications for use in specific domains such as Public Security must conform to stringent security requirements. While mobile devices have many known limitations,...

View Article

Usability Study of Windows Vista’s Firewall

Windows Vista is shipped with a built-in personal firewall. The firewall has lots of new features over its predecessor, XP’s firewall. But, previous studies showed that Vista’s firewall have a set of...

View Article

Usability of Windows Vista Firewall: A Laboratory User Study

In this project we conducted a user study of Microsoft Windows Vista Firewall: a lab study followed by a questionnaire to evaluate the usability of Vista’s personal firewall. Our results show that the...

View Article


A Usability Analysis of Microsoft Windows Vista’s Firewall

The usability of personal firewalls has not received a significant amount of attention in the literature. However, it is essential that these firewalls - which are used by the lay end-user to protect...

View Article


Security Practitioners in Context: Their Activities and Interactions with...

This study investigates the context of interactions of IT security practitioners, based on a qualitative analysis of 30 interviews and participatory observation. We identify nine different activities...

View Article

Usability Meets Access Control: Challenges and Research Opportunities

This panel discusses specific challenges in the usability of access control technologies and new opportunities for research. The questions vary from “Why nobody, even experts, uses access control lists...

View Article

Guidelines for Designing IT Security Management Tools

An important factor that impacts the effectiveness of security systems within an organization is the usability of security management tools. In this paper, we present a survey of design guidelines for...

View Article

Browsing latest articles
Browse All 26 View Live




Latest Images