Evaluating the usability of specific information technology (IT) security tools is challenging. For example, laboratory experiments can have little validity due to the complexity of real-world security problems and the need to situate a specific tool within a larger context. However, it is difficult to recruit IT security practitioners for simple interviews, let alone field observations. Direct observation of tool use can be time consuming as much security work is spontaneous (e.g. security incident response) or occurs over many months (e.g., deploying an identity management system). As ITSM tool use is intrinsically cooperative, its study inherits the difficulties of studying cooperation. As a result, heuristic evaluation of ITSM tools could be a viable component of tool usability evaluations.
↧
