Aligning Information Systems Security and Usability Requirements for Computer-Based Information Systems



Similar documents
Participatory Design and Cyclic Improvement of Business Processes with Workflow Management Systems

Using The Internet To Simulate Virtual Organizations In MBA Curricula

MASTER S COURSES FASHION & LUXURY BRAND MANAGEMENT

A Theoretical Framework for Assessing Effects of User Generated Content on a Company s Marketing Outcomes

A model for assessing the quality of e-commerce systems

Why Data Mining Research Does Not Contribute to Business?

1. Department of Curriculum and Instruction LIB 863, Course Title: Computer Use and Media Preparation Credit Hours: 3

Measuring, Evaluating and Improving the Usability of Electronic Health Records

6. Chief human resources officer

Business Intelligence Software for the Classroom: MicroStrategy Web and Analytic Applications

Review of Creative leadership: Skills that drive change

Methodological Approaches to Evaluation of Information System Functionality Performances and Importance of Successfulness Factors Analysis

Turkish Online Journal of Distance Education-TOJDE July 2006 ISSN Volume: 7 Number: 4 Review: 2

Outsourcing Tools for IT

LITERATURE REVIEWS. The 2 stages of a literature review

Two Examples of a Statement of Purpose - Note the level of citation!

UPTIME MAGAZINE. june/july15 JUNE/JULY uptimemagazine.com

WARSAW SCHOOL OF ECONOMICS

GUIDE TO THE. 12 Must-Have KPIs for Sales Enablement

Social Network Analysis of a Participatory Designed Online Foreign Language Course

Using Log Files to Assess Web-Enabled Information System Usage

Correlation between competency profile and course learning objectives for Full-time MBA

The Hidden Value of Enterprise Content Management Deliver business value by leveraging information

Abstraction in Computer Science & Software Engineering: A Pedagogical Perspective

Developing Business Architecture with TOGAF

Measurement Information Model

International Journal of Science and Research (IJSR) ISSN (Online): Index Copernicus Value (2013): 6.14 Impact Factor (2015): 6.

THE IMPACT OF ACCOUNTING INFORMATION SYSTEMS (AIS) DEVELOPMENT LIFE CYCLE ON ITS EFFECTIVENESS AND CRITICAL SUCCESS FACTORS

Some Specific Parawise Suggestinons. 2. An application which collects and analyzes this data for further consolidation and,

Towards a Benefits Realization Roadmap for ERP Usage in Small and Medium-Sized Enterprises

Dr. Joseph H. Schuessler Tarleton State University Computer Information Systems (254)

INFORMATION SHARING IN SUPPORT OF STRATEGIC INTELLIGENCE

Enterprise Release Management

Analysis Of VOIP: A Case Study In A Small Independent Hotel

A Comprehensive Information Technology Risk Assessment Audit Framework for Small- and Medium-Sized Financial Institutions

Distributed Computer Environment Software Maintenance:System Complexity Versus Component Simplicity

The Leadership Pipeline Ram Charan, Stephen Drotter, and James Noel

Do you know? "7 Practices" for a Reliable Requirements Management. by Software Process Engineering Inc. translated by Sparx Systems Japan Co., Ltd.

What is Records Management?

On Project Management Scheduling where Human Resource is a Critical Variable 1

A Qualitative Research Perspective on BPM Adoption and the Pitfalls of Business Process Modeling

Practical-Theoretical Approach in the Application of Theory Models of Organizational Behavior Dr. Robert DeYoung - Saint Thomas University

Sales Management 101, Conducting Powerful Sales Review Meetings

ADMINISTRATIVE POLICY # (2014) Information Security Roles and Responsibilities

Panel: Teaching E-Commerce Application Development Technologies: Pedagogical and Assimilation Issues

EDS Innovation Research Programme DISCUSSION PAPER SERIES. No.005 Media, Connectivity, Literacies and Ethics

Information Technology Security Program

Research Strategies: Qualitative Methods and Theory

Grounded Theory. 1 Introduction Applications of grounded theory Outline of the design... 2

Strategic Program Management

Most farmers markets have a board of directors. All nonprofit

Review of Literature

MASTER S COURSES FASHION RETAIL MANAGEMENT

THE ADVANTAGES AND DISADVANTAGES OF STRATEGIC MANAGEMENT

Qualitative Interview Design: A Practical Guide for Novice Investigators

Community Partnerships Strategic Plan

Building leadership capacity in the development and sharing of mathematics learning resources, across disciplines, across universities.

MEASURING USABILITY OF ICONIC BASED GUIs OF MOBILE EMERGENCY SERVICE SOFTWARE BY USING HCI. Y.Batu Salman, Adem Karahoca

KEY CONCEPTS AND IDEAS

master s courses fashion & luxury brand management

UNH Strategic Technology Plan

Considering the Cultural Issues of Web Design in Implementing Web-Based E-Commerce for International Customers

Status Report: Practical Software Measurement

INTRODUCTORY NOTE TO THE G20 ANTI-CORRUPTION OPEN DATA PRINCIPLES

Effets de la couleur des sites web marchands sur la mémorisa-tion et sur l intention d achat

Chapter 2 ISO 9001:2008 QMS

A Variability Viewpoint for Enterprise Software Systems

ISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters

Part A OVERVIEW Introduction Applicability Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...

BRAND MANAGEMENT AND MARKETING RESEARCH UNIT (BMMRU)

IT investment management based on Information Technology Portfolio Management (ITPM): a study in Brazilian companies

LEADERSHIP CULTURE SURVEY

Understanding the Impact of Transportation on Economic Development

IT Recruiting Practices as Retention Predictors: Can Recruiters Make a Difference to Potential IT Employees?

Challenges of Intercultural Management: Change implementation in the context of national culture

master s courses fashion promotion, communication & media

Virginia English Standards of Learning Grade 8

Participant Handout: Team Dynamics Workshop

Massachusetts MA 201 CMR Best Practice Guidance on How to Comply

Key Speculations & Problems faced by Cloud service user s in Today s time. Wipro Recommendation: GRC Framework for Cloud Computing

Center for Effective Organizations

THE SOFTWARE QUALITY ENGINEER SOLUTIONS TEXT

GUIDE TO ERP IMPLEMENTATIONS: WHAT YOU NEED TO CONSIDER

Data Governance Baseline Deployment

Improving Government Websites and Surveys With Usability Testing and User Experience Research

De l'intégration du Système d'information à la vision transversale de l'organisation

KEY SKILLS OF JUNIOR CYCLE

Financial Planner Competency Profile

RECOMMENDED CHARTER FOR THE IDENTITY ECOSYSTEM STEERING GROUP

BMM652 FOUNDATIONS OF MARKETING SCIENCE

ABI Position paper. Supplement to ED/2009/12 Financial Instruments: Amortised Cost and Impairment

Levels of Software Testing. Functional Testing

Writing a Literature Review Paper

A Quality Model of e-government Services Based on the ISO/IEC 9126 Standard

UNIVERSIDAD POLITÉCNICA DE MADRID

Common Core State Standards Speaking and Listening

How to Conduct Ethnographic Research

City University of Hong Kong Course Syllabus. offered by Department of Information Systems with effect from Semester A 2016 / 2017

Internal Audit Report ITS CHANGE MANAGEMENT PROCESS. Report No. SC-11-11

Purposes and Processes of Reading Comprehension

Transcription:

Association for Information Systems AIS Electronic Library (AISeL) AMCIS 2007 Proceedings Americas Conference on Information Systems (AMCIS) 12-31-2007 Aligning Information Systems Security and Usability Requirements for Computer-Based Information Systems Santa Susarapu Virigina Commonwealth University Follow this and additional works at: http://aisel.aisnet.org/amcis2007 Recommended Citation Susarapu, Santa, "Aligning Information Systems Security and Usability Requirements for Computer-Based Information Systems" (2007). AMCIS 2007 Proceedings. Paper 412. http://aisel.aisnet.org/amcis2007/412 This material is brought to you by the Americas Conference on Information Systems (AMCIS) at AIS Electronic Library (AISeL). It has been accepted for inclusion in AMCIS 2007 Proceedings by an authorized administrator of AIS Electronic Library (AISeL). For more information, please contact elibrary@aisnet.org.

Susarapu, Aligning Security and Usability ALIGNING INFORMATION SYSTEMS SECURITY AND USABILITY REQUIREMENTS FOR COMPUTER BASED INFORMATION SYSTEMS by SANTA RAM SUSARAPU M.B.A., University of Nebraska, 2003 B.Com., Andhra University, India, 1995 Dissertation Chair: DR. GURPREET DHILLON PROFESSOR, DEPARTMENT OF INFORMATION SYSTEMS Dissertation Co-Chair: DR. H. ROLAND WEISTROFFER ASSOCIATE PROFESSOR, DEPARTMENT OF INFORMATION SYSTEMS Virginia Commonwealth University Richmond, Virginia 1

Susarapu, Aligning Security and Usability Abstract * * * * * * * Key words: Information Systems, Security, Usability, Rep Grids, Personal Construct Theory * * * * * * * With extensive usage of information systems in the day-to-day business operations, organizations have been encountering several security and usability challenges. One such challenge is the alignment of information systems security and usability requirements while developing computer based information systems. Information systems security and usability have been dominating several aspects of information systems research including systems development. Moreover, in the information systems development processes, information systems security and usability have traditionally been considered as add-on features and are not integrated into the systems development process. Yee (2004), argues that security and usability elements cannot be sprinkled on a product like pixie due. Highlighting the current research gaps, Yee (2004) also emphasizes the compelling need for aligning information systems security and usability by incorporating both security principles and usability principles throughout the information systems development and design process. Since the information systems security and usability aspects have not been integrated into the systems development process, the end users have to make certain choices between information systems security and usability features, which would result in unwarranted trade-offs between information systems security and usability. It is well known that if computer-based information systems are made more secure, they are less usable and if the systems are less secure, they are more usable (Cranor and Garfinkel 2005). Though the users choose between information systems security and usability by maximizing one component and compromising the other, there will certainly be a point where either information systems security or usability cannot be compromised any more than what they already are. Such a trade-off depends on information systems security and usability as dependent on individual users values and cognitive beliefs, which in turn influence the security objectives and usability objectives. The current state of information systems literature and research has little focus on the user trade-offs between information systems security and usability. The basic premise for the proposed research is that 2

computer based information systems are get abandoned because fundamental usability criterion have not been met. Furthermore, such systems are weak in security and therefore pose a number of risks to the organization. Alignment of the information security and usability of information systems is critical for efficient and effective usage of the information system. There are two informing pieces of literature that explain the current state of affairs. One body of literature can broadly be classified as information systems security research which includes various sub-streams of literature including access controls, data security, behavioral aspects of security, etc. The second body of literature can be classified as usability research which includes various sub-streams of literature, including, usability engineering, human computer interaction, etc. Both bodies of literature have their own assumptions and beliefs about the nature of knowledge and how information security and usability can or cannot be aligned all the way through the systems development life cycle. For the purposes of this dissertation, we adopt the definition of information security as defined within the ISO/IEC 17799 standard in the context of the C-I-A triad. The ISO/IEC 17799 defines information security as the preservation of confidentiality (ensuring that information is accessible only to those authorized to have access), integrity (safeguarding the accuracy and completeness of information and processing methods) and availability (ensuring that authorized users have access to information and associated assets when required). For the purposes of usability, we adoption the definition based on part 11 of ISO 9241 Standard (1998) which defines the word usability as the extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency, and satisfaction in a specified context of use. Though the above ISO standard is set forth for evaluating the usability of a visual display terminal in terms of measures of user performance and satisfaction (ISO 9241) and hence the definition is very specific to such circumstances, we believe that the basic concept of usability as the extent to which an information system is used to achieve specific goals fits very well with the overall theme of the current dissertation. In this dissertation, we argue that there is an urgent need to align security and usability requirements for computer based information systems. We further argue that, in order to align information systems security and usability, understanding the objectives of information systems security and usability is critical. Such an understanding is necessary to effectively align the information systems security and usability requirements or as we call them usable security measures which need to be well integrated into the initial stages of information systems development life cycle. An integrated systems 3

development process with usable security requirements would not only secure the information systems efficiently and effectively but also enhance the overall usability of the information systems. The primary objective of this research is to explore the issue of aligning the information systems security and usability requirements. To be more elaborate, within a specific information system instantiation, we would like to investigate the following: Based on the individual values and cognitive beliefs of the users of a specific instantiation of an information system, what are the initial security and usability objectives? Which of the above identified security and usability objectives are conflicting with each other and to what extent? How can we categorize and prioritize these objectives? Based on the conflicting nature of security and usability objectives, how these conflicting objectives can be aligned? The main idea of this research is to understand the security and usability factors within a computer-based information system and present them as design guidance for the software developers and engineers. Such design development guidance will be developed at various levels of systems development which will be helpful for the software developers and engineers (Karat and Karat 2003). Since the goal of the research is to understand the users individual values and cognitive beliefs about information security and usability, we intend to use the personal construct theory and repertory grid techniques (Keeney 1996; Tan and Hunter 2002) to elicit such values and beliefs. With a careful selection of a specific business context and a particular information system user group, the planned research methods/techniques will enable the proposed research to be designed and conducted either as a single or as multiple case studies using case study design principles proposed by Yin (2003). The primary outcome of this research will be the security and usability objectives that will help design a secure and usable computer based information systems. As Karat and Karat (2003, p. 537) argue that progress in usability of systems for particular contexts is much more likely when the features of that context are brought into focus than when they are left in the background or ignored. The proposed research with the repertory grid techniques will provide insight into the ways in which information systems security and usability requirements can be aligned. Finding an alignment between the these security and usability requirements would enhance not only information systems development practices, but also enable organizations to better manage conflicting security and usability requirements. 4

References: Cranor, L. F. and S. Garfinkel (2005). Security and usability: designing secure systems that people can use. Beijing Sebastopol, CA, O'Reilly. ISO 9241 Standard (1998). Ergonomic Requirements for Office Work with Video Display Terminals. ISO 9241 Standard. Geneva, International Organization for Standardization. Karat, J. and C. M. Karat (2003). "The evolution of user-centered focus in the human-computer interaction field." IBM Systems Journal 42(4): 532-541. Keeney, R. L. (1996). Value-Focused Thinking: A Path to Creative Decision-making. Tan, F. B. and G. M. Hunter (2002). "THE REPERTORY GRID TECHNIQUE: A METHOD FOR THE STUDY OF COGNITION IN INFORMATION SYSTEMS." MIS Quarterly 26(1): 39-57. Yee, K.-P. (2004). "Aligning Security and Usability." IEEE Security & Privacy 5(2): 48-55. Yin, R. K. (2003). Case study research: design and methods. Thousand Oaks, Calif., Sage Publications. 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information