Heuristic Evaluation Tutorial 1
Page 1: Training ITSM

Heuristic Evaluation Tutorial

Page 2: Training ITSM

Heuristic Evaluation

• Goal: Identifying usability problems in existing systems

• Checking compliance with a set of usability principles

• Performed individually

• Results will be aggregated

Page 3: Training ITSM

Heuristic Evaluation

• The scope is limited to scenarios

• You can go through the interface several times

• You should specify:
  – The problem
  – The task
  – The heuristic(s)

Page 4: Training ITSM

IT security management (ITSM) tools

• IT security management tools are components in the design, development, and maintenance of a secure information technology infrastructure.
  – Examples: network firewall, intrusion detection system, identity and access management system

• Characteristics of the ITSM environment
  – Complex, collaborative, people with different backgrounds

Page 5: Training ITSM

Example ITSM Tool

• Firewall as a running example

• Filtering packets based on certain characteristics

• Firewalls use rules for this purpose
  – E.g. block every connection from 123.123.100.100

Page 6: Training ITSM

HEURISTICS

Page 7: Training ITSM

1 – Visibility of activity status

Provide users with awareness about the status of the activity distributed over time and space, including the other users involved in the activity, their actions, and distribution of work between them; rules that govern the activity; tools, information, and material that are used in the activity; and progress toward the activity objective. Provide communication channels for transferring the status of the activity. While providing awareness is crucial, provide awareness only about what a user needs to know to complete his actions.

Page 8: Training ITSM

1 – Visibility of activity status

• Provide communication channels

• Provide a shared view of the system state

• Provide information about who is responsible

• Don’t show all the firewall rules

[Figure: security admin, employee, and firewall]

Page 9: Training ITSM

2 – History of actions and changes on artifacts

Allow capturing the history of actions and changes on tools or other artefacts such as policies, logs, and communication between users. Provide a means for searching and analyzing historical information.

Page 10: Training ITSM

2 – History of actions and changes on artifacts

• Provide archiving

• History of actions

• Data correlation and filtering

[Figure: security admin 1, security admin 2, and firewall]

Page 11: Training ITSM

3 – Flexible representation of information

Allow changing the representation of information to suit the target audience and their current task. Support flexible reports. Allow tools to change the representation of their input/output for flexible combination with other tools.

Page 12: Training ITSM

3 – Flexible representation of information

• Different presentation formats or multiple views

• Flexible reporting

• Different methods of interaction with the tool

• Combinable tools

• Customizable tools

[Figure: manager, security admin, packet analyzer, and firewall; callouts: "Malicious network activity", "What are the source IP addresses?", "Total number/month?"]

Page 13: Training ITSM

4 – Rules and constraints

Promote rules and constraints on ITSM activities, but provide freedom for users to choose different paths that respect the constraints. Constraints can be enforced in multiple layers. For example, a tool could constrain the possible actions based on the task, the chosen strategy for performing the task (e.g., the order of performing actions), the social and organizational structure (e.g., number of subjects involved in the task, policies, standards), and the competency of the user.

Page 14: Training ITSM

4 – Rules and constraints

• Allow application of different policies

• List actions in hierarchical fashion

[Figure: security admin and firewall; callouts: "Standards?", "Organization policy?", "…"]

Page 15: Training ITSM

5 – Planning and dividing work between users

Facilitate dividing work between the users involved in an activity. For routine and pre-determined tasks, allow incorporation of a workflow. For unknown conditions, allow generation of new work plans and incorporation of new users.

Page 16: Training ITSM

5 – Planning and dividing work between users

• Support workflow

• Task prioritization

[Figure: subdomain A, B, and C notifications routed to security admins 1, 2, and 3]

Page 17: Training ITSM

6 – Capturing, sharing, and discovery of knowledge

Allow users to capture and store their knowledge explicitly by generating documents, web-pages, scripts, and notes, or implicitly by providing access to a history of their previous actions. Tools could then facilitate sharing such knowledge with other users. Furthermore, tools should facilitate discovery of the required knowledge source, including artefacts or a person who possesses the knowledge, and provide means of communicating with the person who possesses the knowledge.

Page 18: Training ITSM

6 – Capturing, sharing, and discovery of knowledge

• Knowledge sharing

• Support scripts

• Tagging / Wiki / Social Navigation

• Communication channel

[Figure: security admins in organization 1 and organization 2, each with their own firewall, connected over the internet; callout: "There is a new attack that exploits port 22 …"]

Page 19: Training ITSM

7 – Verification of knowledge

For critical ITSM activities, tools should help security practitioners (SPs) validate their knowledge about the actions that are required to perform the activity. Allow users to validate their knowledge by performing actions and validating the results on a test system before applying them to the real system. Allow users to document the required actions in the form of a note or a script; this helps the users or their colleagues to review the required actions before applying them on the system.

Page 20: Training ITSM

7 – Verification of knowledge

• Rehearsal and planning

• Manageable configuration

[Figure: security admin, online sources on the internet, test system, real system]
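Heuristics 2 (history of actions) and 7 (rehearse a change on a test system before the real one) can be made concrete with the firewall running example. The model below is an added illustration, not code from the tutorial; the Rule/Firewall classes, the rule semantics (first match wins, default allow) and the addresses 10.0.0.5 and 123.123.50.7 are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str                  # "block" or "allow"
    src: str                     # source network in CIDR notation
    port: Optional[int] = None   # None matches any destination port

@dataclass
class Firewall:
    # Assumed semantics (not from the tutorial): first matching rule wins, default allow.
    rules: List[Rule] = field(default_factory=list)
    # Heuristic 2: who changed which rule, and when
    history: List[Tuple[str, str, Rule]] = field(default_factory=list)

    def decide(self, src_ip: str, port: int) -> str:
        for r in self.rules:
            if ip_address(src_ip) in ip_network(r.src) and r.port in (None, port):
                return r.action
        return "allow"

    def add_rule(self, rule: Rule, author: str) -> None:
        self.rules.insert(0, rule)  # newest rule takes precedence
        self.history.append((datetime.now(timezone.utc).isoformat(), author, rule))

    def changes_by(self, author: str) -> List[Rule]:
        """Heuristic 2: filter the change history by the admin who made the change."""
        return [rule for _, who, rule in self.history if who == author]

def rehearse(real: Firewall, rule: Rule, author: str,
             expectations: List[Tuple[str, int, str]]) -> List[Tuple[str, int, str, str]]:
    """Heuristic 7: apply the change to a test copy first and check the expected
    decisions. Returns (src_ip, port, expected, actual) mismatches; the real
    firewall is only changed when there are none."""
    test = Firewall(rules=list(real.rules))
    test.add_rule(rule, author)
    failures = [(ip, port, want, test.decide(ip, port))
                for ip, port, want in expectations if test.decide(ip, port) != want]
    if not failures:
        real.add_rule(rule, author)
    return failures

# Constructed expectations: block the tutorial's example host, but keep the admin
# console (10.0.0.5) and a partner host in the same /16 (123.123.50.7) reachable.
EXPECTATIONS = [("123.123.100.100", 22, "block"), ("10.0.0.5", 22, "allow"),
                ("123.123.50.7", 443, "allow")]
```

Rehearsing `Rule("block", "123.123.0.0/16")` against these expectations reports the partner host as wrongly blocked and leaves the real firewall untouched, while `Rule("block", "123.123.100.100/32")` passes and is recorded in the history.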

Page 21: Training ITSM

IDENTITY MANAGEMENT SYSTEM

The target system for heuristic evaluation

Page 22: Training ITSM

Identity management system

[Figure: identity management demo screenshot; labels: Neteauto, Sales rep.]

Source: Identity Lifecycle Management Flash Demo (http://www.ca.com/us/identity-management.aspx#documents)

Page 23: Training ITSM

Identity management system

[Figure: sales rep., VP Sales, security admin, IdM system; callout: "Previous sales reports"]

Page 24: Training ITSM

Identity management system: Certification Process

[Figure: IdM system sends a notification; VP Sales, security admin, and employees]

Page 25: Training ITSM

System Demo
