Establishing usability heuristics for heuristics evaluation in a specific domain: is there a consensus?

Heuristics evaluation is frequently employed to evaluate usability. While general heuristics are suitable to evaluate most user interfaces, there is still a need to establish heuristics for specific domains to ensure that their specific usability issues are identified. This paper presents a comprehensive review of 70 studies related to usability heuristics for specific domains. The aim of this paper is to review the processes that were applied to establish heuristics in specific domains and identify gaps in order to provide recommendations for future research and area of improvements. The most urgent issue found is the deficiency of validation effort following heuristics proposition and the lack of robustness and rigour of validation method adopted. Whether domain specific heuristics perform better or worse than general ones is inconclusive due to lack of validation quality and clarity on how to assess the effectiveness of heuristics for specific domains. The lack of validation quality also affects effort in improving existing heuristics for specific domain as their weaknesses are not addressed

Cognitive Analysis of Intrusion Detection System

Usability evaluation methods have gained a substantial attention in networks particularly in Intrusion Detection System (IDS) as these evaluation methods are envisioned to achieve usability and define usability defects for a large number of practical software’s. Despite a good number of available survey and methods on usability evaluation, we feel that there is a gap in existing literature in terms of usability evaluation methods, IDS interfaces and following usability guidelines in IDS development. This paper reviews the state of the art for improving usability of networks that illustrates the issues and challenges in the context of design matters. Further, we propose the taxonomy of key issues in evaluation methods and usability problems. We also define design heuristics for IDS users and interfaces that improves detection of usability defects and interface usability compared to conventional evaluation heuristics. The similarities and differences of usability evaluation methods and usability problems are summarized on the basis of usability factors, current evaluation methods and interfaces loopholes

Service Security and Privacy as a Socio-Technical Problem: Literature review, analysis methodology and challenge domains

Published online September 2015 accepted: 15 September 2014Published online September 2015 accepted: 15 September 2014The security and privacy of the data that users transmit, more or less deliberately, to modern services is an open problem. It is not solely limited to the actual Internet traversal, a sub-problem vastly tackled by consolidated research in security protocol design and analysis. By contrast, it entails much broader dimensions pertaining to how users approach technology and understand the risks for the data they enter. For example, users may express cautious or distracted personas depending on the service and the point in time; further, pre-established paths of practice may lead them to neglect the intrusive privacy policy offered by a service, or the outdated protections adopted by another. The approach that sees the service security and privacy problem as a socio-technical one needs consolidation. With this motivation, the article makes a threefold contribution. It reviews the existing literature on service security and privacy, especially from the socio-technical standpoint. Further, it outlines a general research methodology aimed at layering the problem appropriately, at suggesting how to position existing findings, and ultimately at indicating where a transdisciplinary task force may fit in. The article concludes with the description of the three challenge domains of services whose security and privacy we deem open socio-technical problems, not only due to their inherent facets but also to their huge number of users

Adapting heuristic evaluation for use in information visualization

Orientador: Celmar Guimarães da SilvaDissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de TecnologiaResumo: A Avaliação Heurística é um método clássico de avaliação de interfaces de um sistema interativo na área de Interação Humano-Computador. Pesquisadores e desenvolvedores de software usam esta técnica com frequência, já que ela é rápida, barata e fácil de ser executada. Porém, para usar a técnica em outros sistemas de domínio específico, é necessário criar um novo conjunto de heurística capaz de identificar os problemas dessa área. Em Visualização de Informação (InfoVis), a técnica é utilizada com o conjunto proposto por Nielsen, que possui apenas heurísticas de usabilidade, deixando de cobrir outros conceitos importantes de InfoVis. Na literatura, estão presentes conjuntos de recomendações que cobrem os conceitos de InfoVis, entretanto, muitas destas recomendações não são apresentadas como heurísticas, ou então são restritas a um determinado contexto. Desta forma, este trabalho apresenta um método para criar um conjunto de heurísticas de InfoVis, para ser usado na Avaliação Heurística. O método agrupa as heurísticas e recomendações encontradas na literatura, e cria novas heurísticas com base em cada grupo formado. Assim, um novo conjunto com 15 heurísticas genéricas foi criado, a partir de um conjunto com 62 heurísticas e recomendações e, posteriormente, avaliado. A hipótese é que o novo conjunto irá auxiliar os avaliadores a considerar um conjunto mais amplo de conceitos de visualização durante a Avaliação Heurística com, possivelmente, menos esforço cognitivo, quando comparado com a aplicação direta das 62 heurísticas e recomendaçõesAbstract: Heuristic evaluation technique is a classical evaluation method of user interface in Human-Computer Interaction area. Researchers and software developers broadly use it, given that it is fast, cheap and easy to use. Using it in other system of specific domains demands creating a new heuristic set able to identify common problems of these areas. Information Visualization (InfoVis) researchers commonly use this technique with the original usability heuristic set proposed by Nielsen, which does not cover many relevant aspects of InfoVis. InfoVis literature presents sets of guidelines that cover InfoVis concepts, but it does not present most of them as heuristics, or they cover much specific context. This work presents a method to define a set of InfoVis heuristics for use in Heuristic Evaluation. The method clusters heuristics and guidelines that was found in the literature, and creates a new heuristic based on each group. Thus, a new set of 15 generic heuristics was created, from a set of 62 heuristics and guidelines, and after it was evaluated. The new set will help evaluators to consider a broad set of visualization aspects during Heuristic Evaluation, with possibly less cognitive effort, when compared with a direct application of the 62 heuristics and guidelinesMestradoSistemas de Informação e ComunicaçãoMestre em TecnologiaCAPE

Embedded mobile application for controlling acoustic panels

Abstract. This thesis work is about acoustic panels and planning a software that would control these kinds of panels. The software is supposed to take information from the panels and then use that information for moving the acoustic panels to a desired location. The application is for mobile environment for both smart phones and tablets. This means that there are some constraints for the software such as scaling the panels so that all the panels can be used when moving the panels. This work introduces heuristic and design science theory and builds the application plan as an artifact from there onwards. The plan is based upon the original requirements for this application. This plan for the application meets the requirements set upon it by the customer. The plan was created so that the basic functionalities that were discussed with the customer were satisfied. This included connection to panels, drawing a scaling panel view, moving panels, centring panels and so forth. The application was evaluated with two sets of heuristics. First one was the heuristics created by Nielsen 1995 and second heuristic was self-built. Nielsen’s heuristics were meant for a more general usage while the set of heuristics that were self-build were meant for more general usage. The heuristic evaluation provided results which were that the application needs at least more error prevention, documentation and a better way or representing panels actual physical location on the wall. Error prevention was a major issue in a case that one or more of the panels were broken and needed to be fixed. Documentation was more of an issue from the user’s perspective in case some of the actions or error messages were such that the user did not understand them. Last issue of presenting the panel positions better in relation to the physical wall was an issue basically because the user needs to know where the panels are without too much difficulty. If the user is confused about panel location, they cannot be sure which panels to move. These issues were discussed in the second iteration of the plan for this application. The second iteration was done in writing and a picture of the new user interface after the heuristic evaluation was done. This iteration discussed and solved these problems. For the limitations of this work there were issues with author doing the heuristic evaluation while not being an expert, implementation not being done in the scope of this work and implementation details not being discussed. For future research, the implementation should be done and the heuristics that were self-built need more though put into the

To authorize or not authorize: helping users review access policies in organizations

ABSTRACT This work addresses the problem of reviewing complex access policies in an organizational context using two studies. In the first study, we used semi-structured interviews to explore the access review activity and identify its challenges. The interviews revealed that access review involves challenges such as scale, technical complexity, the frequency of reviews, human errors, and exceptional cases. We also modeled access review in the activity theory framework. The model shows that access review requires an understanding of the activity context including information about the users, their job, their access rights, and the history of access policy. We then used activity theory guidelines to design a new user interface named AuthzMap. We conducted an exploratory user study with 340 participants to compare the use of AuthzMap with two existing commercial systems for access review. The results show that AuthzMap improved the efficiency of access review in 5 of the 7 tested scenarios, compared to the existing systems. AuthzMap also improved accuracy of actions in one of the 7 tasks, and only negatively affected accuracy in one of the tasks

Informacijos saugos valdymo karkasas smulkiam ir vidutiniam verslui

Information security is one of the concerns any organization or person faces. The list of new threats appears, and information security management mechanisms have to be established and continuously updated to be able to fight against possible security issues. To be up to date with existing information technology threats and prevention, protection, maintenance possibilities, more significant organizations establish positions or even departments, to be responsible for the information security management. However, small and medium enterprise (SME) does not have enough capacities. Therefore, the information security management situation in SMEs is fragmented and needs improvement. In this thesis, the problem of information security management in the small and medium enterprise is analyzed. It aims to simplify the information security management process in the small and medium enterprise by proposing concentrated information and tools in information security management framework. Existence of an information security framework could motivate SME to use it in practice and lead to an increase of SME security level. The dissertation consists of an introduction, four main chapters and general conclusions. The first chapter introduces the problem of information security management and its’ automation. Moreover, state-of-the-art frameworks for information security management in SME are analyzed and compared. The second chapter proposes a novel information security management framework and guidelines on its adoption. The framework is designed based on existing methodologies and frameworks. A need for a model for security evaluation based on the organization’s management structure noticed in chapter two; therefore, new probability theory-based model for organizations information flow security level estimation presented in chapter three. The fourth chapter presents the validation of proposed security evaluation models by showing results of a case study and experts ranking of the same situations. The multi-criteria analysis was executed to evaluate the ISMF suitability to be applied in a small and medium enterprise. In this chapter, we also analyze the opinion of information technology employees in an SME on newly proposed information security management framework as well as a new model for information security level estimation. The thesis is summarized by the general conclusions which confirm the need of newly proposed framework and associated tools as well as its suitability to be used in SME to increase the understanding of current information security threat situation.Dissertatio