8/8/2019 Usable Security in Practice: Collaborative Management of Electronic & Physical Personal Information - Presentation
1/20
Usable Security in Practice: Collaborative Management of Electronic & Physical Personal Information
Laurian C. Vega
Virginia Tech
Sunday, October 17, 2010
Computer Science & Security
Adams, A. and M.A. Sasse, Users Are Not the Enemy, in Communications of the ACM. 1999. p. 40-46.
In the ACM Portal there are 33,619 references with the word Security in the title or abstract.
While I'm not here to summarize decades of work, I am here to talk about one aspect of security that hasn't been covered at all until recently. Security literature, when not proposing a deceptive new algorithm, has been known to put forth the position that humans are the weak link in the security chain. Well, recent work has pushed back on that notion. That it isn't that people aren't secure, it is that the software that isn't usable that is the problem. It is an issue that passwords are too complex, and that security systems are not modeled after users' mental models.
You can read more about this issue in this foundational work, called Users are not the...
My work is an important extension beyond the work of usable security. In my work I look past single individuals looking at computers and instead look at how communities manage security and privacy in the work setting.
Medical Informatics & Adoption of Electronic Records
Berner, E.S., D.E. Detmer & D. Simborg, Will the Wave Finally Break? A Brief View of the Adoption of Electronic Medical Records in the United States. J Am Med Inform Assoc, 2005. 12(1): p. 3-7.
Similar to the rise of studying how to make technology more usable, there has been an increase in a push to use electronic records. This push, while not limited to, is ever prevalent in the medical industry where doctors are carrying tablets, iPhones, and nurses and office staff are working with electronic medical records.
When considering electronic records, though, there can be a focus on looking at issues that affect adoption, instead of how the issues related to their use can affect the work that people are doing. To see these issues we have to go beyond asking questions such as adoption rates, or how usable these systems are, or what are the workflows that people do, but to understand how technologies that are embedded into people's environments are tools that embody values. It is in understanding the work that people do, that we can then design technologies that support them.
You can learn more about this issue in the work of Berner, Detmer, and Simborg, on Will the Wave Finally Break.
These two motivations are what drive my work to understand communities that are allegedly transitioning from paper to electronic records, and, specifically, how these issues are affecting the security of sensitive personal information. To do this I study two locations where these issues are embodied.
Childcare Centers
The first location I study is childcare centers, where one in three children in America spend their day. These places need to balance the daily care of the child with maintaining and using the private information of child and parent.
Physicians' Offices
And I study physicians' offices. 99% of Americans see a doctor between three and four times a year, with 1.5 million physicians in the United States alone.
Research Question
How do socio-technical systems that use sensitive personal information manage work-practice breakdowns surrounding the implicit and explicit rules of process?
What are the implicit and explicit rules surrounding how medical practices and childcares handle sensitive personal information?
What breakdowns happen when the explicit and implicit rules are not followed?
How are breakdowns accounted for, negotiated, and managed in socio-technical systems where sensitive personal information exists?
Method
Location: Southwest-Virginia
Rural
IRB Approved
51 Interviewed Participants:
13 Childcare Directors
18 Medical Directors
21 Parents
121 hours of observations
4 Childcares & 4 Physicians' offices
Notes, collected artifacts, pictures
Cover methods of protecting participant identity
Method
Studying the world of the participants as an active-observer
The research findings are dependent on the interpretations of the researcher; researcher is the instrument
Research questions are open, and adaptive upon deeper understanding of the research context
Data is captured in notes & rich descriptions, transcriptions, artifacts, memos of interpretation, audio recordings, etc.
Data collection is never complete
The questions I am asking need to derive the motivations behind why certain information is private; why certain policies were created; why certain policies are not working. These are questions that cannot be answered quantitatively.
To analyze the data we used a phenomenological approach of identifying and understanding the themes that impacted the issues of security and privacy. Phenomenology can be used as a method of trying to understand the subjective experience of people within their particular context. It has been used to understand topics of awareness [11], and in the more classical philosophical works of Heidegger [22] and Schutz [31]. The goal of phenomenology is to describe the experiences and reality of a group of people. This method is appropriate for our work because of the focus on the lived experience of security and privacy. It was selected over discourse analysis and grounded theory because these methods can focus on language and process, which was not the goal of our study. Data was analyzed by creating a set of themes, clustering the data into sets of meanings, establishing agreement between the researchers, and then examining the resulting body of data related to the themes.
Dissertation Outcomes
Initial steps in focusing on communities of security
A set of scenarios depicting abstracted breakdowns and technology implications
A list of derived implicit and explicit rules surrounding the management of sensitive
I'm now going to talk about two norms that are relevant for security that the analysis of participant interviews helped elicit.
Security & Interruptions
Childcares and Physicians' Offices have valuable security practices
Childcare directors are within proximal distance to files
Placing papers with extra sensitive information in the back of the file
Physical files afford being closed, or hidden
Information can be shredded, labeled, handed to only specific people
Security & Interruptions
But... these places are intrinsically messy
41% of the time when someone is interrupted, they do not return to their task (O'Conaill & Frohlich 1995)
Directors have to create on-the-fly policies and practices to manage privacy in these messy spaces
First point>
Unannounced inspection
Canceled sessions - teachers out sick, director's child was sick, daughter to hospital
Drove school van
Went to front desk to assist with busy times
Rocking sick children to sleep
Acting as cook
-
Delivering subpoena
Missing patient files - seen in every location
new patient coming to the window
insurance company calling to ask for a copy of a patient's file
--
Understanding the tension between security on-the-fly but managing the messiness of the work in this setting is what reflects a deep need to evaluate where the zones of ambiguity exist in the design space for security and privacy. By allowing for ambiguity about how to respond to a particular new stimulus or problem, the childcare is capable of negotiating a new policy that allows them to navigate to new or bendable appropriate solutions. Recognizing these, and then understanding how to design for them, is an emerging area to consider.
Information Redundancy
Information in multiple forms: electronic, billing, health
Reasons:
To serve a community purpose
To protect information from being lost
To use appropriate information based on contextual needs
"The problem is, and someone wouldn't think about why it's so important, but it's like the Virginia Tech massacre we had 3 patients who we had to identify the bodies."
Files from 1930s - 3rd generation inherited files
Information Redundancy
Information in multiple forms: electronic, billing, health
Reasons:
To serve a community purpose
To protect information from being lost
To use appropriate information
"we actually have a series of backups. We have a local tape backup and we have an off site backup which actually backs up over the internet at my house at night... And then at my home we actually have two hard drives and my wife goes to the safety deposit box and swaps them out regularly. So if somebody's mad enough to burn this office down and my home down, we'll still have a record in a safe deposit box."
Tension between keeping information safe and information accessible.
Information Redundancy
Information in multiple forms: electronic, billing, health
Reasons:
To serve a community purpose
To protect information from being lost
To use appropriate information
"We have an electronic medical record here so it's all eventually entered in. The information is taken down by a nurse interviewer preoperatively on a pre-op visit.... And then eventually that all gets put into the electronic medical record... but of course we transfer a lot of that information onto the anesthesia record which is entered in real time into the electronic medical record"
A special thanks to my committee: Steve Harrison, Deborah Tatar, Enid Montague, Dennis Kafura, and Scott McCrickard; and, Tom DeHart, Laura Agnich, Edgardo Vega, Zalia Shams, Monika Akbar, Stacy Branham, & Aubrey Baker who helped run, code, and analyze the data.
Laurian Vega
Department of Computer Science, Virginia Tech
Thank you
Photo Attribution
Slide 1
http://weblogs.jomc.unc.edu/ihc/wp-content/uploads/2010/04/electronic_medical_records.jpg
SILK Information Systems: http://www.flickr.com/photos/36734051@N04/3385146885/
http://www.corbisimages.com/Images/spacer.gif
Slide 2
formalfallacy @ Dublin: http://www.flickr.com/photos/formalfallacy/2057169454/
Slide 11
.penny: http://www.flickr.com/photos/44124468595@N01/14370954/
Slide 17
Simon Lieschke: http://www.flickr.com/photos/slieschke/226873460/
Documenting Breakdowns & Activity Theory
[Diagram of an activity system. Labels: Tool; Subject; Object; Transformation Process; Outcome; Rules; Community; Division of Labor]
wasn't selected: Value-Centered Design, Design tensions, Communities of Practice, DCog, Common Information Spaces, and Macroergonomics
and Engels, but is highly influenced by Vygotsky (Roth et al. 2007), Leont'ev (Leont'ev 1981 (Russian original 1947)), and Luria.
Activity is the central part - focus on the context of the activity instead of surrounding the actions/operations
Activities are dynamic and have different scale; Activities have history - e.g., a form
Artifacts serve as mediators; have limitations; limitations may be particular to objective of activity
Activity structure - explain parts of diagram
Sensitive Information Rich Places
Aspects:
Managing others' information
Information in multiple places
Numerous people accessing
Information in different forms
Managing security & privacy is secondary
Both childcares and physicians' offices are sensitive information rich places. What do I mean by that? I mean that they have the following characteristics. [Read characteristics] By studying both childcares and physicians' offices I will be able to better generalize about how privacy and security are managed in this space.
Also considered for study were employee records, criminal records, and others that have been considered for future work.