Guidelines for designing IT security management tools

An important factor that impacts the effectiveness of secu-rity systems within an organization is the usability of secu-rity management tools. In this paper, we present a survey of design guidelines for such tools. We gathered guidelines and recommendations related to IT security management tools from the literature as well as from our own prior studies of IT security management. We categorized and combined these into a set of high level guidelines and identified the relationships between the guidelines and challenges in IT security management. We also illustrated the need for the guidelines, where possible, with quotes from additional in-terviews with five security practitioners. Our framework of guidelines can be used by those developing IT security tools, as well as by practitioners and managers evaluating tools

Managing Privacy During Ad Hoc Collaboration

This research introduces the concept of privacy issues related to the incidental viewing of traces of previous activity during ad hoc co-located collaboration. Web browsers are the representative application, as several of their convenience features record traces of previously visited web visites. We introduce a 4-tier privacy gradient to allow individuals to classify privacy levels associated with their actual web browsing. Before being able to develop a privacy management solution, the nature of web browsing activity with respect to privacy concerns must be examined. This research begins that exploratory process.

Incidental Information Privacy and PIM

Our research investigates the privacy issues regarding information visible on personal computer displays during collaboration. Personal information management systems often generate traces of activity, both when an end user explicitly saves information and through system use. These traces of activity may then be subsequently revealed as the user interacts with the system. The revealed information may not be appropriate for viewing in a collaborative setting. This paper discusses incidental information privacy and its ties with personal information management systems. A summary of our research to date is given along with a discussion of managing the visual privacy of incidental information in web browsers and other PIM systems