HOT Admin: Human, Organization, and Technology Centred Improvement of the IT Security Administration

While cryptography, access control, accountability, and other security technologies have received a great deal of attention, to our knowledge this is the first attempt to address systematically the interaction of security administrative models and technologies with usability within an organization. Our focus on the integration of organizational structure, security mechanisms, and user interface design addresses the three key components of effective security administration (SA) in today’s workplace. Our novel approach will consider the problem as the interaction of three main factors: Humans, Organizations, and Technologies (HOT). Addressed Problem: The management of security and privacy in IT settings is an enormous, difficult, and costly problem with over $15B spent on tools alone around the world in 2004. Yet little is known about security administrators, their roles and responsibilities within organizations, and how effective existing tools and practices are at protecting organizations and employees while still allowing productive collaborative work. Much like an air-traffic controller, if a security administrator makes an error, entire organizations may be compromised leading to, in the best case, loss of productivity and, in the worst case, injury or death to people. Project Goals: To improve information technology (IT) security administration (SA), this project aims to achieve two overarching goals: first, to devise a methodology for evaluating the effectiveness of IT security administrative tools; second, to design effective technological solutions, guidelines, and techniques to aid security administrators. To achieve these objectives, we will advance the understanding of IT SA as a distinct human activity to the level at which comprehensive human, organizational, and technological models of IT SA can be used to develop the proposed evaluation methodology, and design guidelines and techniques.