Number of co-authors:10
Number of publications with 3 favourite co-authors:Konstantin Beznosov:8Kirstie Hawkey:6Rodrigo Werlinger:4
David Botta's 3 most productive colleagues in number of publications:Kirstie Hawkey:37Sidney Fels:36Konstantin Beznoso..:23
Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.
-- Antoine de Saint Exupéry
Read the fascinating history of Wearable Computing, told by its father, Steve Mann
Read Steve's chapter !
Our Latest Books
Kumar and Herger 2013: Gamification at Work: Designing Engaging Business Software...
by Janaki Mythily Kumar and Mario Herger
Whitworth and Ahmad 2013: The Social Design of Technical Systems: Building technologies for communities...
by Brian Whitworth and Adnan Ahmad
Soegaard and Dam 2013: The Encyclopedia of Human-Computer Interaction, 2nd Ed....
by Mads Soegaard and Rikke Friis Dam
Publications by David Botta (bibliography)
Jaferian, Pooya, Botta, David, Hawkey, Kirstie and Beznosov, Konstantin (2009): A multi-method approach for user-centered design of identity management systems. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 36.
Werlinger, Rodrigo, Hawkey, Kirstie, Botta, David and Beznosov, Konstantin (2009): Security practitioners in context: Their activities and interactions with other stakeholders within organizations. In International Journal of Human-Computer Studies, 67 (7) pp. 584-606.
This study investigates the context of interactions of information technology (IT) security practitioners, based on a qualitative analysis of 30 interviews and participatory observation. We identify nine different activities that require interactions between security practitioners and other stakeholders, and describe in detail two of these activities that may serve as useful references for security-tool usability scenarios. We propose a model of the factors contributing to the complexity of interactions between security practitioners and other stakeholders, and discuss how this complexity is a potential source of security issues that increase the risk level within organizations. Our analysis also reveals that the tools used by our participants to perform their security tasks provide insufficient support for the complex, collaborative interactions that their duties involve. We offer several recommendations for addressing this complexity and improving IT security tools.
© All rights reserved Werlinger et al. and/or Academic Press
Jaferian, Pooya, Botta, David, Hawkey, Kirstie and Beznosov, Konstantin (2009): A case study of enterprise identity management system adoption in an insurance organization. In: Proceedings of the 2009 Symposium on Computer Human Interaction for the Management of Information Technology 2009. p. 7.
This case study describes the adoption of an enterprise identity management (IdM) system in an insurance organization. We describe the state of the organization before deploying the IdM system, and point out the challenges in its IdM practices. We describe the organization's requirements for an IdM system, why a particular solution was chosen, issues in the deployment and configuration of the solution, the expected benefits, and the new challenges that arose from using the solution. Throughout, we identify practical problems that can be the focus of future research and development efforts. Our results confirm and elaborate upon the findings of previous research, contributing to an as-yet immature body of cases about IdM. Furthermore, our findings serve as a validation of our previously identified guidelines for IT security tools in general.
© All rights reserved Jaferian et al. and/or ACM Press
Hawkey, Kirstie, Botta, David, Werlinger, Rodrigo, Muldner, Kasia, Gagné, André and Beznosov, Konstantin (2008): Human, organizational, and technological factors of IT security. In: Proceedings of ACM CHI 2008 Conference on Human Factors in Computing Systems April 5-10, 2008. pp. 3639-3644.
This paper describes the HOT Admin research project, which is investigating the human, organizational, and technological factors of IT security from the perspective of security practitioners. We use qualitative methods to examine their experiences along several themes including: unique characteristics of this population, the challenges they face within the organization, their activities, their collaborative interactions with other stakeholders, the sub-optimal situations they face as a result of distributed security management, and the impact of the security management model in place. We present preliminary results for each theme, as well as the implications of these results on the field of usable security and other research areas within HCI.
© All rights reserved Hawkey et al. and/or ACM Press
Jaferian, Pooya, Botta, David, Raja, Fahimeh, Hawkey, Kirstie and Beznosov, Konstantin (2008): Guidelines for designing IT security management tools. In: Frisch, AEleen, Kandogan, Eser, Lutters, Wayne G., Thornton, James D. and Mouloua, Mustapha (eds.) CHIMIT 2008 - Proceedings of the 2nd ACM Symposium on Computer Human Interaction for Management of Information Technology November 14-15, 2008, San Diego, California, USA. p. 7.
Jaferian, Pooya, Botta, David, Raja, Fahimeh, Hawkey, Kirstie and Beznosov, Konstantin (2008): Guidelines for designing IT security management tools. In: Proceedings of the 2008 Symposium on Computer Human Interaction for the Management of Information Technology 2008. p. 7.
An important factor that impacts the effectiveness of security systems within an organization is the usability of security management tools. In this paper, we present a survey of design guidelines for such tools. We gathered guidelines and recommendations related to IT security management tools from the literature as well as from our own prior studies of IT security management. We categorized and combined these into a set of high level guidelines and identified the relationships between the guidelines and challenges in IT security management. We also illustrated the need for the guidelines, where possible, with quotes from additional interviews with five security practitioners. Our framework of guidelines can be used by those developing IT security tools, as well as by practitioners and managers evaluating tools.
© All rights reserved Jaferian et al. and/or ACM Press
Botta, David, Werlinger, Rodrigo, Gagné, André, Beznosov, Konstantin, Iverson, Lee, Fels, Sidney and Fisher, Brian D. (2007): Towards understanding IT security professionals and their tools. In: Proceedings of the 2007 Symposium on Usable Privacy and Security 2007. pp. 100-111.
We report preliminary results of our ongoing field study of IT professionals who are involved in security management. We interviewed a dozen practitioners from five organizations to understand their workplace and tools. We analyzed the interviews using a variation of Grounded Theory and predesigned themes. Our results suggest that the job of IT security management is distributed across multiple employees, often affiliated with different organizational units or groups within a unit and responsible for different aspects of it. The workplace of our participants can be characterized by their responsibilities, goals, tasks, and skills. Three skills stand out as significant in the IT security management workplace: inferential analysis, pattern recognition, and bricolage.
© All rights reserved Botta et al. and/or ACM Press
Werlinger, Rodrigo, Botta, David and Beznosov, Konstantin (2007): Detecting, analyzing and responding to security incidents: a qualitative analysis. In: Proceedings of the 2007 Symposium on Usable Privacy and Security 2007. pp. 149-150.
Persistence and cost are the two factors that have motivated several studies about better practices for dealing with security incidents . However, there is not much literature about IT professionals who have to deal with security incidents, in terms of which tasks they actually perform and which resources they need to handle the complex scenarios given by real incidents . This lack of research makes it difficult to evaluate and improve the support that IT security professionals need to respond efficiently to security incidents.
© All rights reserved Werlinger et al. and/or ACM Press
Show list on your website
Join the design elite and advance:
Changes to this page (author)03 Apr 2012: Modified03 Apr 2012: Modified
18 Nov 2010: Modified
08 Sep 2009: Modified
01 Sep 2009: Modified
12 May 2008: Modified
12 May 2008: Added
12 May 2008: Modified
Page maintainer: The Editorial Team