Guidelines are based on scientific sources.
| Name | Design guidelines for security management systems |
| Sources | (Chiasson et al., 2007) |
| Synonyms | None |
| Context | Interface design for administrators |
| Item 1 | Administrators should reliably and promptly be made aware of the security tasks they must perform [Principle: Conditioning] |
| Item 2 | Administrators should be able to figure out how to successfully perform those tasks |
| Item 3 | Administrators should be able to tell when their task has been completed |
| Item 4 | Administrators should have sufficient feedback to accurately determine the current state of the system and the consequences of their actions [Principle: Clarity] [Principle: Visibility] |
| Item 5 | Administrators should be able to revert to a previous system state if a security decision has unintended consequences [Principle: Revocability] |
| Item 6 | Administrators should be able to form an accurate and meaningful mental model of the system they are protecting |
| Item 7 | Administrators should be able to easily examine the system from different levels of encapsulation in order to gain an overall perspective and be able to effectively diagnose specific problems |
| Item 8 | The interface should facilitate interpretation and diagnosis of potential security threats |
| Item 9 | Administrators should be able to easily seek advice and take advantage of community knowledge to make security decisions |
| Item 10 | The interface should encourage administrators to address critical issues in a timely fashion [Principle: Conditioning] |
| Examples | None |
| Related Guidelines | None |
| Tags | security management systems, administrators |
| Log history | [01/30/2019]: Added to repository |
Chiasson, S., Biddle, R., Somayaji, A., 2007. Even experts deserve usable security: Design guidelines for security management systems, in: Symposium on Usable Security and Privacy (SOUPS), Workshop on Usable IT Security Management (USM ’07).