Abstract

The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. In this article, we explore how domain-specific heuristics are created by examining prior research in the area of heuristic and guideline creation. We then describe our approach to creating usability heuristics for ITSM tools, which is based on guidelines for ITSM tools that are interpreted and abstracted with activity theory. With a between-subjects study, we compared the employment of the ITSM and Nielsen's heuristics for evaluation of a commercial identity management system. Participants who used the ITSM set found more problems categorized as severe than those who used Nielsen's. We analyzed several aspects of our heuristics, including the performance of individual participants using the heuristics, the performance of individual heuristics, the similarity of our heuristics to Nielsen's, and the participants' opinions about the use of heuristics for evaluation of IT security tools. We then discuss the implications of our results for the use of ITSM and Nielsen's heuristics for usability evaluation of ITSM tools.

Highlights

  • Information technology security management (ITSM) tools serve several purposes including protection, detection, and user management

  • Our results show that the evaluation of the Identity Management (IdM) system requires more evaluators compared to evaluations performed by Nielsen on simple user interfaces; we observed few overlaps between problems identified by individual evaluators using either Nielsen’s or the IT security management (ITSM) heuristics

  • We presented heuristics for the evaluation of ITSM tools


Summary

Introduction

Information technology security management (ITSM) tools serve several purposes including protection (e.g., network, system, and data), detection (e.g., tools for threat and vulnerability management), and user management. Werlinger et al. [57] identified nine security activities that require collaborative interactions and developed a model of the complexity of their interactions. This complexity arises from organizational attributes (e.g., distribution of IT management); the need for SPs to interact with multiple stakeholders with different perceptions of risk and levels of security training; and their need to engage in multiple security-related activities. Each of these activities may require different tacit knowledge and kinds of information to be conveyed. One of the dominant theoretical foundations for HCI has been information processing psychology [24]. This theory focuses on human actions as the units of analysis. As prior research shows that social and organizational factors impact ITSM activities, activity theory may be useful when describing the ITSM context.
