SOUPS 2008

July 23-25, 2008
Pittsburgh, PA

Workshop on Usable IT Security Management (USM '08)

July 23, 2008

part of 2008 Symposium on Usable Privacy and Security (SOUPS)

Pittsburgh, PA

Scope and Focus

Usable security has recently received increasing attention, but it is implicitly all about the end user who employs a computer system to accomplish security-unrelated business or personal goals. However, there is another aspect to usable security. IT professionals have to deal with the order-of-magnitude more difficult problem of managing the security of large, complex enterprise systems, where an error could cost a fortune. IT security is distributed amongst various individuals and tools within the organization, which makes supporting IT security management tasks hard. The diversity of the tasks also contributes to the complexity of the issues. The workshop organizers are soliciting research and position papers on the usability of tools and technology employed for all types of IT security management tasks, including but not limited to:

  • analysis of security and privacy regulations, requirements, and liabilities
  • management of security and privacy policies
  • design of security controls and procedures
  • deployment, integration, modification, and maintenance of security solutions
  • security configuration and monitoring of devices, systems, and applications
  • collection, visualization, and analysis of security information
  • detection, reporting, response to, investigation of, and recovery from security incidents
  • management of user accounts and rights
  • compliance with regulations
  • patch management

The workshop participants are also welcome to explore in their papers significant and interesting questions related to the usability of IT security management, such as:

  • Are the notions of usable security for end-users and IT professionals the same?
  • What is unique about IT security management, and why should the HCISec community care?
  • What are the differences in the background, training, goals, tasks, constraints, and tools between end-users, IT security professionals, and other IT staff (e.g., network admins)?
  • How do these differences affect the (perception of) usability of the security mechanisms and tools?
  • Can the approaches to improving the security usability for end-users be directly applied to the domain of IT security management, and vice versa?
  • With some of the modern-day systems, where users are largely responsible for their own security self-administration, where is the boundary between the end-users, power users, and IT security professionals? Can it be defined precisely or is it blurred?

USM'07 solicits short research and position papers from academia and industry about all aspects of IT security management usability. The workshop will provide an opportunity for interdisciplinary researchers and practitioners to discuss this fascinating and important topic. Those interested in participating in the workshop should submit a research or position paper of up to six pages along with a cover letter describing their research interests, experience, and background in the area of usable IT security management.

Workshop papers will be posted on the SOUPS website and distributed to attendees on the SOUPS 2008 CD. However, workshop papers will not be formally published, and therefore may include work the authors plan to publish elsewhere.

Submissions

The workshop solicits research and position papers from academia and industry about all aspects of IT security management usability. Papers may be up to 6 pages in length including bibliography, appendices, and figures, using the SOUPS proceedings template for LaTeX or MS Word. All submissions must be in PDF format and should not be blinded.

Submit your paper using the electronic submissions page for the SOUPS 2008 conference. A successful submission will display a web page confirming it, and a confirmation email will be sent to the corresponding author. Please make sure you receive that confirmation email when you submit, and follow the directions in that email if you require any follow-up.

Important Dates

  • Position papers deadline: April 24
  • Notification of acceptance: May 11
  • Camera-ready final versions of the papers due: June 6

Workshop Organizers

Konstantin (Kosta) Beznosov, University of British Columbia

John Karat, IBM

SOUPS is sponsored by Carnegie Mellon CyLab.

The USM workshop is sponsored in part by the Laboratory for Education and Research in Secure Systems Engineering (LERSSE).