Even Experts Deserve Usable Security: Design guidelines for security management systems

to end-users, security is a primary task for those charged with the security of a system or network. Despite the importance of the task, little is known about how to effectively design interfaces for security management systems. Usability problems in these systems can lead to security vulnerabilities because administrators may miss an attack altogether or misdiagnose it. We examined four different design approaches in order to devise a preliminary set of design guidelines for security management systems.
