User‐centred security applied to the development of a management information system
Information Management & Computer Security
ISSN: 0968-5227
Article publication date: 16 October 2007
Abstract
Purpose
This paper aims to use user‐centred security development of a prototype graphical interface for a management information system dealing with information security with upper‐level management as the intended users.
Design/methodology/approach
The intended users were studied in order to understand their needs. An iterative design process was used where the designs were first made on paper, then as a prototype interface and later as a final interface design. All was tested by subjects within the target user group.
Findings
The interface was perceived as being successful by the test subjects and the sponsoring organization, Siguru. The major conclusion of the study is that managers use knowledge of information security mainly for financial and strategic matters which focus more on risk issues than security issues. To facilitate the need of managers the study presents three heuristics for the design of management information security system interfaces.
Research limitations/implications
This interface was tested on a limited set of users and further tests could be done, especially of users with other cultural/professional backgrounds.
Practical implications
This paper presents a useful set of heuristics that can be used in development of management information systems as well as other practical tips for similar projects.
Originality/value
This paper gives an example of a successful user‐centred security development process. The lessons learned could be beneficial in software development in general and security products in particular.
Keywords
Citation
Nohlberg, M. and Bäckström, J. (2007), "User‐centred security applied to the development of a management information system", Information Management & Computer Security, Vol. 15 No. 5, pp. 372-381. https://doi.org/10.1108/09685220710831116
Publisher
:Emerald Group Publishing Limited
Copyright © 2007, Emerald Group Publishing Limited