DocumentCode :
2131362
Title :
User Interface Harmonization for IT Security Management: User-Centered Design in the PoSecCo Project
Author :
Gallego-Nicasio Crespo, Beatriz
Author_Institution :
Res. & Innovation, Atos, Madrid, Spain
fYear :
2013
fDate :
2-6 Sept. 2013
Firstpage :
829
Lastpage :
835
Abstract :
Quoting the National Institute of Standards and Technology (NIST), "the configuration of an information system and its components has a direct impact on the security posture of the system. [..] How those configurations are established and maintained requires a disciplined approach for providing adequate security" [1]. However, fitting the functional user needs is only one product success factor. In order to influence the acceptance of a software system by its target group of users, some factors such as the complexity of the system and its ease of use are also critical. The design approach followed by a user-centered engineering process focuses on the solution as a whole rather than on single components of the system, and on the user interface robustness rather than on system robustness. In this paper, we describe how usability and quality in use concepts, as defined by the standard ISO/IEC PDTR 9126-2/3/4 (Software Quality Metrics) [2], have been introduced in the design phases of the PoSecCo prototype. This paper summarizes the results of the analysis conducted in the PoSecCo project (www.posecco.eu), to group the six different organizational user roles of the project's integrated prototype (auditors and service provider's employees) into three main interface user group profiles: designers group, analytical group and consumers group. These three user group profiles define similar characteristics and requirements for what concerns the usage of a graphical interface: visual attractiveness, general interaction with the functionalities offered and with the data managed by the system, reducing the effort and simplifying the subsequent design and implementation phases.
The requirements associated to the user group profiles, as well as the task descriptions and information architecture, have been taken into account during the selection of the suitable technologies to implement the PoSecCo user interface, and in the development phases, in order to provide a harmonized and usable user interface for IT auditors and professionals of the security policy and configuration management areas.
Keywords :
IEC standards; ISO standards; auditing; configuration management; project management; security of data; software metrics; software quality; user centred design; user interfaces; ISO/IEC PDTR 9126-2/3/4 standard; IT auditors; IT professionals; NIST; National Institute of Standards and Technology; PoSecCo project; PoSecCo prototype; PoSecCo user interface; analytical group; configuration management; consumer group; designer group; ease of use; functional user needs; information system configuration; organizational user roles; policy and security configuration management; product success factor; project integrated prototype; quality in use concepts; security policy; service provider employees; software quality metrics; software system; system complexity; usability concepts; user centered design; user group profiles; user interface robustness; user-centered engineering process; Business; Context; ISO standards; Prototypes; Security; Usability; User interfaces; IT audit; System design; compliance; quality in use; security policy management; usability; user centered design; user interfaces;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Availability, Reliability and Security (ARES), 2013 Eighth International Conference on
Conference_Location :
Regensburg
Type :
conf
DOI :
10.1109/ARES.2013.111
Filename :
6657327