This project will develop and evaluate visualizations to coherently represent the rich semantics of the security policy domain in order to promote collaboration between managers and IT security specialists, and so improve the deployment of digital security within organizations.
Effective shared understanding by organization managers and IT security specialists is critical for the successful specification and implementation of digital security policies. When the collaboration is poor, ambiguities and misunderstandings produce vulnerabilities in access control and authentication procedures, but may also unnecessarily hamper the smooth operation of the organization. Semantically rich visualizations can bridge this critical gap in comprehension, by providing a shared representation through which managers and IT specialists can understand each other’s perspectives and work together to refine policies and their implementations. Little previous research exists on the design of visualizations as a solution to the problem of effective collaboration in cybersecurity policies.
The project will take two innovative approaches to develop visualizations for collaboration on cybersecurity policies. (a) It will invent a novel visualization for security policy collaboration using a proven approach to the design of semantically rich graphical representations, known as Law Encoding Diagrams. (b) It will investigate the application of an existing graphical notation for systems specification, Constraint Diagrams, as a potential solution to the security policy collaboration problem. Contrasting the two different types of representations will provide insights into what kind of visualizations can address the cybersecurity collaboration problem, why such visualizations work, and what is the most effective type of visualization.
The project has five main objectives:
1) To study the main problems that hinder manager–IT specialist collaboration in the area of security policy specification and implementation.
2) To design a new class of Law Encoding Diagrams as a novel visualization using the Representational Epistemic approach to create semantically rich graphical representations.
3) To theoretically investigate the potential of Constraint Diagrams as an existing graphical notation for collaboration.
4) To build a prototype software tool for collaborative security policy development, with separate visualizations for Law Encoding Diagrams and Constraint Diagrams.
5) To use the tool to empirically evaluate how effectively each of the visualizations promotes productive collaboration between managers and IT security specialists.
The project has anticipated impacts in the areas of cybersecurity and information visualization. For cybersecurity, the project will provide a new perspective on the importance of collaboration in the management and implementation of policies, in a field that has primarily focused on systems for IT specialists. We expect that the new visualizations will initiate wide interest in the systematic design of semantically rich visualizations and thus launch a new generation of security tools that will be a shared resource between managers and IT specialists. This impact may be substantial, because of the sheer number of systems that require some form of access control and user authentication. For the field of information visualization, the project will be a further demonstration of the potential of the Representational Epistemic approach to knowledge visualization. By shifting the general design of information visualization to semantically rich representations, substantial improvements to forms of higher cognition, such as problem solving and conceptual learning, can be achieved across many technical domains.