Publication statistics

Pub. period: 2007-2011
Pub. count: 23
Number of co-authors: 21



Co-authors

Number of publications with 3 favourite co-authors:

Kirstie Hawkey: 21
David Botta: 8
Pooya Jaferian: 7

 

 

Productive colleagues

Konstantin Beznosov's 3 most productive colleagues in number of publications:

Kellogg S. Booth: 56
Kirstie Hawkey: 37
Sidney Fels: 36
 
 
 

 
 

Konstantin Beznosov

Personal Homepage:
konstantin.beznosov.net/professional/



Publications by Konstantin Beznosov (bibliography)

2011
 

Sun, San-Tsai, Pospisil, Eric, Muslukhov, Ildar, Dindar, Nuray, Hawkey, Kirstie and Beznosov, Konstantin (2011): OpenID-enabled browser: towards usable and secure web single sign-on. In: Proceedings of ACM CHI 2011 Conference on Human Factors in Computing Systems 2011. pp. 1291-1296.

OpenID is an open and promising Web single sign-on solution; however, the interaction flows provided by OpenID are inconsistent, counter-intuitive, and vulnerable to phishing attacks. In this work, we investigated the challenges web users face when using OpenID for authentication, and designed a phishing-resistant, privacy-preserving browser add-on to provide a consistent and intuitive single sign-on user experience for the average web users.

© All rights reserved Sun et al. and/or their publisher

 

Raja, Fahimeh, Hawkey, Kirstie, Hsu, Steven, Wang, Kai-Le and Beznosov, Konstantin (2011): Promoting a physical security mental model for personal firewall warnings. In: Proceedings of ACM CHI 2011 Conference on Human Factors in Computing Systems 2011. pp. 1585-1590.

We used an iterative process to design personal firewall warnings in which the functionality of a firewall is visualized based on a physical security mental model. We performed a study to determine the degree to which our proposed warnings are understandable for our participants, and the degree to which they convey the risks and encourage safe behavior as compared to warnings based on those from a popular personal firewall. Initial results show that our warnings facilitate the comprehension of warning information, better communicate risk, and increase the likelihood of safe behavior. Moreover, they provided participants with a better understanding of both the functionality of a personal firewall and the consequences of their actions.

© All rights reserved Raja et al. and/or their publisher

 

Jaferian, Pooya, Hawkey, Kirstie, Sotirakopoulos, Andreas and Beznosov, Konstantin (2011): Heuristics for evaluating IT security management tools. In: Proceedings of ACM CHI 2011 Conference on Human Factors in Computing Systems 2011. pp. 1633-1638.

The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. However, ITSM occurs within a complex and collaborative context that involves diverse stakeholders; this makes standard usability heuristics difficult to apply. We propose a set of ITSM usability heuristics that are based on activity theory and supported by prior research. We performed a study to compare the use of the ITSM heuristics to Nielsen's heuristics for the evaluation of a commercial identity management system. Our preliminary results show that our new ITSM heuristics performed well in finding usability problems. However, we need to perform the study with more participants and perform more detailed analysis to precisely show the differences in applying the ITSM heuristics as compared to Nielsen's heuristics.

© All rights reserved Jaferian et al. and/or their publisher

 

Raja, Fahimeh, Hawkey, Kirstie, Hsu, Steven, Wang, Kai-Le Clement and Beznosov, Konstantin (2011): A brick wall, a locked door, and a bandit: a physical security metaphor for firewall warnings. In: Proceedings of the 2011 Symposium on Usable Privacy and Security 2011. p. 1.

We used an iterative process to design firewall warnings in which the functionality of a personal firewall is visualized based on a physical security metaphor. We performed a study to determine the degree to which our proposed warnings are understandable for users, and the degree to which they convey the risks and encourage safe behavior as compared to text warnings based on those from a popular personal firewall. The evaluation results show that our warnings facilitate the comprehension of warning information, better communicate the risk, and increase the likelihood of safe behavior. Moreover, they provide participants with a better understanding of both the functionality of a personal firewall and the consequences of their actions.

© All rights reserved Raja et al. and/or ACM Press

 

Sotirakopoulos, Andreas, Hawkey, Kirstie and Beznosov, Konstantin (2011): On the challenges in usable security lab studies: lessons learned from replicating a study on SSL warnings. In: Proceedings of the 2011 Symposium on Usable Privacy and Security 2011. p. 3.

We replicated and extended a 2008 study conducted at CMU that investigated the effectiveness of SSL warnings. We adjusted the experimental design to mitigate some of the limitations of that prior study; adjustments include allowing participants to use their web browser of choice and recruiting a more representative user sample. However, during our study we observed a strong disparity between our participants' actions during the laboratory tasks and their self-reported "would be" actions during similar tasks in everyday computer practices. Our participants attributed this disparity to the laboratory environment and the security it offered. In this paper we discuss our results and how the introduced changes to the initial study design may have affected them. Also, we discuss the challenges of observing natural behavior in a study environment, as well as the challenges of replicating previous studies given the rapid changes in web technology. We also propose alternatives to traditional laboratory study methodologies that can be considered by the usable security research community when investigating research questions involving sensitive data where trust may influence behavior.

© All rights reserved Sotirakopoulos et al. and/or ACM Press

 

Sun, San-Tsai, Pospisil, Eric, Muslukhov, Ildar, Dindar, Nuray, Hawkey, Kirstie and Beznosov, Konstantin (2011): What makes users refuse web single sign-on?: an empirical investigation of OpenID. In: Proceedings of the 2011 Symposium on Usable Privacy and Security 2011. p. 4.

OpenID is an open and promising Web single sign-on (SSO) solution. This work investigates the challenges and concerns web users face when using OpenID for authentication, and identifies what changes in the login flow could improve the users' experience and adoption incentives. We found our participants had several behaviors, concerns, and misconceptions that hinder the OpenID adoption process: (1) their existing password management strategies reduce the perceived

© All rights reserved Sun et al. and/or ACM Press

 

Jaferian, Pooya, Hawkey, Kirstie, Sotirakopoulos, Andreas, Velez-Rojas, Maria and Beznosov, Konstantin (2011): Heuristics for evaluating IT security management tools. In: Proceedings of the 2011 Symposium on Usable Privacy and Security 2011. p. 7.

The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. However, standard usability heuristics are hard to apply as IT security management occurs within a complex and collaborative context that involves diverse stakeholders. We propose a set of ITSM usability heuristics that are based on activity theory, are supported by prior research, and consider the complex and cooperative nature of security management. In a between-subjects study, we compared the employment of the ITSM and Nielsen's heuristics for evaluation of a commercial identity management system. Participants who used the ITSM set found more problems categorized as severe than those who used Nielsen's. As evaluators identified different types of problems with the two sets of heuristics, we recommend employing both the ITSM and Nielsen's heuristics during evaluation of ITSM tools.

© All rights reserved Jaferian et al. and/or ACM Press

2010
 

Motiee, Sara, Hawkey, Kirstie and Beznosov, Konstantin (2010): Do windows users follow the principle of least privilege?: investigating user account control practices. In: Proceedings of the 2010 Symposium on Usable Privacy and Security 2010. p. 1.

The principle of least privilege requires that users and their programs be granted the most restrictive set of privileges possible to perform required tasks in order to limit the damages caused by security incidents. Low-privileged user accounts (LUA) and user account control (UAC) in Windows Vista and Windows 7 are two practical implementations of this principle. To be successful, however, users must apply due diligence, use appropriate accounts, and respond correctly to UAC prompts. With a user study and contextual interviews, we investigated the motives, understanding, behaviour, and challenges users face when working with user accounts and the UAC. Our results show that 69% of participants did not apply the UAC approach correctly. All 45 participants used an administrator user account, and 91% were not aware of the benefits of low-privilege user accounts or the risks of high-privilege ones. Their knowledge and experience were limited to the restricted rights of low-privilege accounts. Based on our findings, we offer recommendations to improve the UAC and LUA approaches.

© All rights reserved Motiee et al. and/or their publisher

 

Raja, Fahimeh, Hawkey, Kirstie, Beznosov, Konstantin and Booth, Kellogg S. (2010): Investigating an appropriate design for personal firewalls. In: Proceedings of ACM CHI 2010 Conference on Human Factors in Computing Systems 2010. pp. 4123-4128.

Personal firewalls are an important aspect of security for home computer users, but little attention has been given to their usability. We conducted semi-structured interviews to understand participants' knowledge, requirements, expectations, and misconceptions for personal firewalls. Analysis of 10 interviews shows that different design decisions (i.e., level of automation, multiple profile settings) are appropriate for users with different levels of security knowledge and experience.

© All rights reserved Raja et al. and/or their publisher

 

Motiee, Sara, Hawkey, Kirstie and Beznosov, Konstantin (2010): Investigating user account control practices. In: Proceedings of ACM CHI 2010 Conference on Human Factors in Computing Systems 2010. pp. 4129-4134.

Non-administrator user accounts and the user account control (UAC) approach of Windows Vista are two practical solutions to limit the damage of malware infection. UAC in Windows Vista supports usage of lower privilege accounts; a UAC prompt allows users to raise their privileges when required. We conducted a user study and contextual interviews to understand the motives and challenges participants face when using different user accounts and the UAC approach. Most participants were not aware of or motivated to employ low-privileged accounts. Moreover, most did not understand or carefully consider the prompts.

© All rights reserved Motiee et al. and/or their publisher

2009
 

Raja, Fahimeh, Hawkey, Kirstie and Beznosov, Konstantin (2009): Towards improving mental models of personal firewall users. In: Proceedings of ACM CHI 2009 Conference on Human Factors in Computing Systems 2009. pp. 4633-4638.

Windows Vista's personal firewall provides its diverse users with a basic interface that hides many operational details. However, our study of this interface revealed that concealing the impact of network context on the security state of the firewall results in mental models that are unclear about the protection provided by the firewall resulting in an inaccurate understanding of the firewall configuration. We developed a prototype to support more contextually complete mental models through inclusion of network context information. Results from our initial evaluation of the prototype support our approach of improving user understanding of underlying system states by revealing hidden context, while considering the tension between complexity of the interface and security of the system.

© All rights reserved Raja et al. and/or ACM Press

 

Raja, Fahimeh, Hawkey, Kirstie and Beznosov, Konstantin (2009): Revealing hidden context: improving mental models of personal firewall users. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 1.

The Windows Vista personal firewall provides its diverse users with a basic interface that hides many operational details. However, concealing the impact of network context on the security state of the firewall may result in users developing an incorrect mental model of the protection provided by the firewall. We present a study of participants' mental models of Vista Firewall (VF). We investigated changes to those mental models and their understanding of the firewall's settings after working with both the VF basic interface and our prototype. Our prototype was designed to support development of a more contextually complete mental model through inclusion of network location and connection information. We found that participants produced richer mental models after using the prototype than when working with the VF basic interface; they were also significantly more accurate in their understanding of the configuration of the firewall. Based on our results, we discuss methods of improving user understanding of underlying system states by revealing hidden context, while considering the tension between complexity of the interface and security of the system.

© All rights reserved Raja et al. and/or ACM Press

 

Jaferian, Pooya, Botta, David, Hawkey, Kirstie and Beznosov, Konstantin (2009): A multi-method approach for user-centered design of identity management systems. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 36.

 

Werlinger, Rodrigo, Hawkey, Kirstie, Botta, David and Beznosov, Konstantin (2009): Security practitioners in context: Their activities and interactions with other stakeholders within organizations. In International Journal of Human-Computer Studies, 67 (7) pp. 584-606.

This study investigates the context of interactions of information technology (IT) security practitioners, based on a qualitative analysis of 30 interviews and participatory observation. We identify nine different activities that require interactions between security practitioners and other stakeholders, and describe in detail two of these activities that may serve as useful references for security-tool usability scenarios. We propose a model of the factors contributing to the complexity of interactions between security practitioners and other stakeholders, and discuss how this complexity is a potential source of security issues that increase the risk level within organizations. Our analysis also reveals that the tools used by our participants to perform their security tasks provide insufficient support for the complex, collaborative interactions that their duties involve. We offer several recommendations for addressing this complexity and improving IT security tools.

© All rights reserved Werlinger et al. and/or Academic Press

 

Jaferian, Pooya, Botta, David, Hawkey, Kirstie and Beznosov, Konstantin (2009): A case study of enterprise identity management system adoption in an insurance organization. In: Proceedings of the 2009 Symposium on Computer Human Interaction for the Management of Information Technology 2009. p. 7.

This case study describes the adoption of an enterprise identity management (IdM) system in an insurance organization. We describe the state of the organization before deploying the IdM system, and point out the challenges in its IdM practices. We describe the organization's requirements for an IdM system, why a particular solution was chosen, issues in the deployment and configuration of the solution, the expected benefits, and the new challenges that arose from using the solution. Throughout, we identify practical problems that can be the focus of future research and development efforts. Our results confirm and elaborate upon the findings of previous research, contributing to an as-yet immature body of cases about IdM. Furthermore, our findings serve as a validation of our previously identified guidelines for IT security tools in general.

© All rights reserved Jaferian et al. and/or ACM Press

2008
 

Hawkey, Kirstie, Botta, David, Werlinger, Rodrigo, Muldner, Kasia, Gagné, André and Beznosov, Konstantin (2008): Human, organizational, and technological factors of IT security. In: Proceedings of ACM CHI 2008 Conference on Human Factors in Computing Systems April 5-10, 2008. pp. 3639-3644.

This paper describes the HOT Admin research project, which is investigating the human, organizational, and technological factors of IT security from the perspective of security practitioners. We use qualitative methods to examine their experiences along several themes including: unique characteristics of this population, the challenges they face within the organization, their activities, their collaborative interactions with other stakeholders, the sub-optimal situations they face as a result of distributed security management, and the impact of the security management model in place. We present preliminary results for each theme, as well as the implications of these results on the field of usable security and other research areas within HCI.

© All rights reserved Hawkey et al. and/or ACM Press

 

Werlinger, Rodrigo, Hawkey, Kirstie and Beznosov, Konstantin (2008): Security practitioners in context: their activities and interactions. In: Proceedings of ACM CHI 2008 Conference on Human Factors in Computing Systems April 5-10, 2008. pp. 3789-3794.

This study develops the context of interactions of IT security practitioners. Preliminary qualitative analysis of 22 interviews (to date) and participatory observation has identified eight different types of activities that require interactions between security practitioners and different stakeholders. Our analysis shows that the tools used by our participants do not provide sufficient support for their complex security tasks, including the interactions with other stakeholders. We provide recommendations to improve tool support for security practitioners.

© All rights reserved Werlinger et al. and/or ACM Press

 

Werlinger, Rodrigo, Hawkey, Kirstie, Muldner, Kasia, Jaferian, Pooya and Beznosov, Konstantin (2008): The challenges of using an intrusion detection system: is it worth the effort?. In: Proceedings of the 2008 Symposium on Usable Privacy and Security 2008. pp. 107-118.

An intrusion detection system (IDS) can be a key component of security incident response within organizations. Traditionally, intrusion detection research has focused on improving the accuracy of IDSs, but recent work has recognized the need to support the security practitioners who receive the IDS alarms and investigate suspected incidents. To examine the challenges associated with deploying and maintaining an IDS, we analyzed 9 interviews with IT security practitioners who have worked with IDSs and performed participatory observations in an organization deploying a network IDS. We had three main research questions: (1) What do security practitioners expect from an IDS?; (2) What difficulties do they encounter when installing and configuring an IDS?; and (3) How can the usability of an IDS be improved? Our analysis reveals both positive and negative perceptions that security practitioners have for IDSs, as well as several issues encountered during the initial stages of IDS deployment. In particular, practitioners found it difficult to decide where to place the IDS and how to best configure it for use within a distributed environment with multiple stakeholders. We provide recommendations for tool support to help mitigate these challenges and reduce the effort of introducing an IDS within an organization.

© All rights reserved Werlinger et al. and/or ACM Press

 

Hawkey, Kirstie, Muldner, Kasia and Beznosov, Konstantin (2008): Searching for the Right Fit: Balancing IT Security Management Model Trade-Offs. In IEEE Internet Computing, 12 (3) pp. 22-30.

 

Jaferian, Pooya, Botta, David, Raja, Fahimeh, Hawkey, Kirstie and Beznosov, Konstantin (2008): Guidelines for designing IT security management tools. In: Frisch, AEleen, Kandogan, Eser, Lutters, Wayne G., Thornton, James D. and Mouloua, Mustapha (eds.) CHIMIT 2008 - Proceedings of the 2nd ACM Symposium on Computer Human Interaction for Management of Information Technology November 14-15, 2008, San Diego, California, USA. p. 7.

 

Jaferian, Pooya, Botta, David, Raja, Fahimeh, Hawkey, Kirstie and Beznosov, Konstantin (2008): Guidelines for designing IT security management tools. In: Proceedings of the 2008 Symposium on Computer Human Interaction for the Management of Information Technology 2008. p. 7.

An important factor that impacts the effectiveness of security systems within an organization is the usability of security management tools. In this paper, we present a survey of design guidelines for such tools. We gathered guidelines and recommendations related to IT security management tools from the literature as well as from our own prior studies of IT security management. We categorized and combined these into a set of high level guidelines and identified the relationships between the guidelines and challenges in IT security management. We also illustrated the need for the guidelines, where possible, with quotes from additional interviews with five security practitioners. Our framework of guidelines can be used by those developing IT security tools, as well as by practitioners and managers evaluating tools.

© All rights reserved Jaferian et al. and/or ACM Press

2007
 

Botta, David, Werlinger, Rodrigo, Gagné, André, Beznosov, Konstantin, Iverson, Lee, Fels, Sidney and Fisher, Brian D. (2007): Towards understanding IT security professionals and their tools. In: Proceedings of the 2007 Symposium on Usable Privacy and Security 2007. pp. 100-111.

We report preliminary results of our ongoing field study of IT professionals who are involved in security management. We interviewed a dozen practitioners from five organizations to understand their workplace and tools. We analyzed the interviews using a variation of Grounded Theory and predesigned themes. Our results suggest that the job of IT security management is distributed across multiple employees, often affiliated with different organizational units or groups within a unit and responsible for different aspects of it. The workplace of our participants can be characterized by their responsibilities, goals, tasks, and skills. Three skills stand out as significant in the IT security management workplace: inferential analysis, pattern recognition, and bricolage.

© All rights reserved Botta et al. and/or ACM Press

 

Werlinger, Rodrigo, Botta, David and Beznosov, Konstantin (2007): Detecting, analyzing and responding to security incidents: a qualitative analysis. In: Proceedings of the 2007 Symposium on Usable Privacy and Security 2007. pp. 149-150.

Persistence and cost are the two factors that have motivated several studies about better practices for dealing with security incidents [5]. However, there is not much literature about IT professionals who have to deal with security incidents, in terms of which tasks they actually perform and which resources they need to handle the complex scenarios given by real incidents [6]. This lack of research makes it difficult to evaluate and improve the support that IT security professionals need to respond efficiently to security incidents.

© All rights reserved Werlinger et al. and/or ACM Press

 

Changes to this page (author)

05 Apr 2012: Modified
05 Apr 2012: Modified
05 Apr 2012: Modified
05 Apr 2012: Modified
03 Apr 2012: Modified
03 Apr 2012: Modified
05 Jul 2011: Modified
05 Jul 2011: Modified
05 Jul 2011: Modified
18 Nov 2010: Modified
02 Nov 2010: Modified
02 Nov 2010: Modified
02 Nov 2010: Modified
08 Sep 2009: Modified
08 Sep 2009: Modified
01 Sep 2009: Modified
02 Jun 2009: Modified
09 May 2009: Modified
08 Apr 2009: Modified
12 May 2008: Modified
12 May 2008: Added
12 May 2008: Modified
12 May 2008: Modified

Page Information

Page maintainer: The Editorial Team
URL: http://www.interaction-design.org/references/authors/konstantin_beznosov.html
