Workshop on Usable IT Security Management (USM '08)
July 23, 2008
part of the 2008 Symposium on Usable Privacy and Security (SOUPS)
Pittsburgh, PA
Scope and Focus
Usable security, which has recently received increasing attention, is implicitly
all about the end user who employs a computer system to accomplish
security-unrelated business or personal goals. However, there is another
aspect to usable security. IT professionals have to deal with the problem,
an order of magnitude more difficult, of managing the security of large, complex
enterprise systems, where an error could cost a fortune. IT security is
distributed amongst various individuals and tools within the organization,
which makes supporting IT security management tasks hard. The diversity of the
tasks also contributes to the complexity of the issues. The workshop
organizers are soliciting research and position papers on the usability of
tools and technology employed for all types of IT security management tasks,
including but not limited to:
- analysis of security and privacy regulations, requirements, and liabilities
- management of security and privacy policies
- design of security controls and procedures
- deployment, integration, modification, and maintenance of security solutions
- security configuration and monitoring of devices, systems, and applications
- collection, visualization, and analysis of security information
- detection, reporting, response to, investigation of, and recovery from security incidents
- management of user accounts and rights
- compliance with regulations
- patch management
The workshop participants are also welcome to explore in their papers
significant and interesting questions related to the usability of IT security
management, such as:
- Are the notions of usable security for end-users and IT professionals the same?
- What is unique about IT security management, and why should the HCISec community care?
- What are the differences in the background, training, goals, tasks, constraints, and tools between end-users, IT security professionals, and other IT staff (e.g., network admins)?
- How do these differences affect the (perception of) usability of security mechanisms and tools?
- Can the approaches to improving security usability for end-users be directly applied to the domain of IT security management, and vice versa?
- With some modern-day systems, where users are largely responsible for their own security self-administration, where is the boundary between end-users, power users, and IT security professionals? Can it be defined precisely, or is it blurred?
Program
9:00 - 9:30 Introductions, logistics, and opening remarks
Konstantin Beznosov (University of British Columbia) and John Karat (IBM), workshop organizers
9:30 - 10:30 Invited Talk
Human and Organizational Aspects of Security Incident Management - Robin Ruefle, CERT
10:30 - 11:00 Break
11:00 am - 12:00
12:00 - 1:00 pm: Lunch
1:00 - 2:00
- Some Usability Considerations in Access Control Systems [slides]
Elisa Bertino (Purdue University), Seraphin Calo (IBM), Hong Chen, Ninghui Li, Tiancheng Li (Purdue University), Jorge Lobo (IBM), Ian Molloy, Qihua Wang (Purdue University)
- Access Control Policy Analysis and Visualization Tools for Security Professionals
Kami Vaniea (CMU), Qun Ni (Purdue University), Lorrie Faith Cranor (CMU), Elisa Bertino (Purdue University)
2:00 - 2:30 Break
2:30 - 3:45
Invited talk
Human and Organizational Aspects of Security Incident Management
Robin Ruefle
Although technology plays a critical
role in the detection, analysis, and resolution of security incidents,
it is usually the human and organizational elements that will
determine how successful the response and recovery actually are. For
computer security incident response to occur in an effective and
successful way, all the tasks and processes being performed must be
viewed from an enterprise perspective. This means identifying how
tasks and processes relate, how information is exchanged, and how
actions are coordinated, no matter who is performing the work. Looking
only at the technology part of the process misses key human and
organizational elements that can impact the overall response, possibly
delaying actions due to confusion of roles and responsibilities,
ownership of data and systems, and organizational authority. Response
can also be delayed or ineffective because of communications problems
such as not knowing whom to contact or even due to poor quality
information being received about the event or incident. Any impact on
the response timeliness and quality can cause further damage to
critical assets and data during an incident.
To truly be effective, security incidents must be managed in an
enterprise-wide process that defines for the organization how
incidents are received, processed, and communicated. Building such an
incident management capability can be challenging and complex due to
the numerous people, systems, and business processes that must be
taken into consideration.
This talk will examine common human and organizational problems in
not only handling computer security incidents but also in building a
capability for performing this work.
Bio: Robin Ruefle is a member of the technical staff of the
CERT Program at the Software Engineering Institute at Carnegie Mellon
University. She works as a member of the CERT CSIRT Development team
(CDT). Ruefle’s focus is on the development of management,
procedural, and technical guidelines and practices for the
establishment, maturation, operation, and evaluation of Computer
Security Incident Response Teams (CSIRTs) worldwide. As a member of
the CDT, Ruefle develops and delivers sessions in the suite of courses
offered to CSIRT managers and incident handling staff, including
Creating a CSIRT, Managing CSIRTs, Fundamentals of Incident Handling,
and Advanced Incident Handling for Technical Staff. She also
participates in the Train-the-Trainer program that licenses these
products to existing CSIRTs. The CSIRT Development Team also provides
guidance in the development of implementation strategies, policies,
standard operating procedures, response plans, and training programs
for new and existing CSIRTs. As part of that work, Ruefle has authored
or co-authored publications including: Handbook for CSIRTs 2nd
Edition, Organizational Models for CSIRTs Handbook, CSIRT Services,
State of the Practice of CSIRTs, Defining Incident Management
Processes for CSIRTs: A Work in Progress, The Role of Computer
Security Incident Response Teams in the Software Development Life
Cycle, as well as numerous other articles and best practice guides.
These documents can be found on the CSIRT Development webpages at
[http://www.cert.org/csirts/]. Ruefle has presented at numerous
incident response and security conferences, including The Forum for
Incident Response and Security Teams (FIRST), The US Government Forum
for Incident Response and Security Teams (GFIRST), EDUCAUSE, SECURE
IT, and other similar venues. Ruefle received a BS in political
science and an MPIA (Master of Public and International Affairs) from
the University of Pittsburgh. She has also taught courses in
information technology, management information systems, and
information retrieval and analysis as an adjunct faculty member in the
Continuing Education and MBA programs at Chatham College and in the
Graduate School of Public and International Affairs (GSPIA) at the
University of Pittsburgh.
Workshop Organizers
Konstantin (Kosta) Beznosov, University of British Columbia
John Karat, IBM
SOUPS is sponsored by Carnegie Mellon CyLab.
USM workshop is sponsored in part by the Laboratory for Education and Research in Secure Systems Engineering (LERSSE).