User-centered design of identity and access management systems

IT security management (ITSM) technologies are important components of IT security in organizations. But there has been little research on how ITSM technologies should incorporate human and social issues into their design. Identity and Access Management (IAM) systems, as an important category of ITS...

Full description

Bibliographic Details
Main Author: Jaferian, Pooya
Language:English
Published: University of British Columbia 2014
Online Access:http://hdl.handle.net/2429/51243
id ndltd-UBC-oai-circle.library.ubc.ca-2429-51243
record_format oai_dc
spelling ndltd-UBC-oai-circle.library.ubc.ca-2429-512432018-01-05T17:27:51Z User-centered design of identity and access management systems Jaferian, Pooya IT security management (ITSM) technologies are important components of IT security in organizations. But there has been little research on how ITSM technologies should incorporate human and social issues into their design. Identity and Access Management (IAM) systems, as an important category of ITSM, share such a gap with other ITSM technologies. The overreaching goal of this research is to narrow the gap between IAM technologies and social context. In the first phase, we developed a set of usability guidelines, and heuristics for design and usability evaluation of ITSM tools. We gathered recommendations related to ITSM tools from the literature, and categorized them into a set of 19 high-level guidelines that can be used by ITSM tool designers. We then used a methodical approach to create seven heuristics for usability evaluation of ITSM tools and named them ITSM heuristics. With a between-subjects study, we compared the usage of the ITSM and Nielsen's heuristics for evaluation of a commercial IAM system. The results confirmed the effectiveness of ITSM heuristics, as participants who used the ITSM heuristics found more problems categorized as severe than those who used Nielsen's. In the second phase, we conducted a field-study of 19 security practitioners to understand how they do IAM and identify the challenges they face. We used a grounded theory approach to collect and analyze data and developed a model of IAM activities and challenges. Built on the model, we proposed a list of recommendations for improving technology or practice. In the third phase, we narrowed down our focus to a specific IAM related activity, access review. We expanded our understanding of access review by further analysis of the interviews, and by conducting a survey of 49 security practitioners. Then, we used a usability engineering process to design AuthzMap, a novel user-interface for reviewing access policies in organizations. We conducted a user study with 430 participants to compare the use of AuthzMap with two existing access review systems. The results show AuthzMap improved the efficiency in five of the seven tested tasks, and improved accuracy in one of them. Applied Science, Faculty of Electrical and Computer Engineering, Department of Graduate 2014-12-01T15:45:37Z 2014-12-01T15:45:37Z 2014 2015-02 Text Thesis/Dissertation http://hdl.handle.net/2429/51243 eng Attribution-NonCommercial-NoDerivs 2.5 Canada http://creativecommons.org/licenses/by-nc-nd/2.5/ca/ University of British Columbia
collection NDLTD
language English
sources NDLTD
description IT security management (ITSM) technologies are important components of IT security in organizations. But there has been little research on how ITSM technologies should incorporate human and social issues into their design. Identity and Access Management (IAM) systems, as an important category of ITSM, share such a gap with other ITSM technologies. The overreaching goal of this research is to narrow the gap between IAM technologies and social context. In the first phase, we developed a set of usability guidelines, and heuristics for design and usability evaluation of ITSM tools. We gathered recommendations related to ITSM tools from the literature, and categorized them into a set of 19 high-level guidelines that can be used by ITSM tool designers. We then used a methodical approach to create seven heuristics for usability evaluation of ITSM tools and named them ITSM heuristics. With a between-subjects study, we compared the usage of the ITSM and Nielsen's heuristics for evaluation of a commercial IAM system. The results confirmed the effectiveness of ITSM heuristics, as participants who used the ITSM heuristics found more problems categorized as severe than those who used Nielsen's. In the second phase, we conducted a field-study of 19 security practitioners to understand how they do IAM and identify the challenges they face. We used a grounded theory approach to collect and analyze data and developed a model of IAM activities and challenges. Built on the model, we proposed a list of recommendations for improving technology or practice. In the third phase, we narrowed down our focus to a specific IAM related activity, access review. We expanded our understanding of access review by further analysis of the interviews, and by conducting a survey of 49 security practitioners. Then, we used a usability engineering process to design AuthzMap, a novel user-interface for reviewing access policies in organizations. We conducted a user study with 430 participants to compare the use of AuthzMap with two existing access review systems. The results show AuthzMap improved the efficiency in five of the seven tested tasks, and improved accuracy in one of them. === Applied Science, Faculty of === Electrical and Computer Engineering, Department of === Graduate
author Jaferian, Pooya
spellingShingle Jaferian, Pooya
User-centered design of identity and access management systems
author_facet Jaferian, Pooya
author_sort Jaferian, Pooya
title User-centered design of identity and access management systems
title_short User-centered design of identity and access management systems
title_full User-centered design of identity and access management systems
title_fullStr User-centered design of identity and access management systems
title_full_unstemmed User-centered design of identity and access management systems
title_sort user-centered design of identity and access management systems
publisher University of British Columbia
publishDate 2014
url http://hdl.handle.net/2429/51243
work_keys_str_mv AT jaferianpooya usercentereddesignofidentityandaccessmanagementsystems
_version_ 1718584529902370816