Design guidelines for IT security management tools

Reviewed papers from HOT Admin and other guideline literature (~20 papers) and used them to derive a set of 164 guidelines, covering technical, human and organizational factors. Put all 164 guidelines through a card-sorting exercise and arrived at a framework into which all of the guidelines fit.

Some important parts of the framework and subtopics:

  • Multiple levels of abstraction – Provide each person only with the information and view they require for their job.
  • Rehearsal and Planning – Deployment and configuration of a production system can be expensive and can take the system down for a short time.
  • Customizable Alerting – Alerts need to be customizable for different portions of the organization, including thresholds, suppression of alarms and the channel used.
  • Archiving – Tools need to keep track of critical information.
  • Workflow Support – Integration with different communication methods and sharing of information between different workflows.

Hope to build this framework into a more comprehensive tool. Also trying to survey more papers (~45 currently), to see whether all the current guidelines still fit the model.

Q: One problem with collaboration via a medium is the security of the medium of the collaboration. Is that considered much in the guidelines?

Q: How you operationalize the guidelines is a very important question. For many organizations, design guidelines are considered pointless, but if they are embedded in their tools, such as Eclipse, then more people will make use of them.

Q: Is there anything in your guidelines which discusses things like isolating portions of a network for security reasons?

Q: I appreciate the effort of extracting design guidelines from current literature. Once you gather these guidelines, which are intended for tool designers, go ask the designers and see if the guidelines help at all. It's tools, not rules. Guidelines built into rules are far more effective in getting designers to pay attention.