Final heuristic evaluation tutorial
DESCRIPTION
Webinar for IdM project at UBC, April 2012
TRANSCRIPT
Heuristic Evaluation Tutorial
Heuristic Evaluation
• Goal: Identifying usability problems in existing systems
• Checking compliance with a set of usability principles
• Performed individually
• Results will be aggregated
Heuristic Evaluation
• The scope is limited to scenarios
• You can go through the interface several times
• You should specify:
  – The problem
  – The task
  – The heuristic(s)
IT security management (ITSM) tools
• IT security management tools are components in the design, development, and maintenance of a secure information technology infrastructure.
  – Examples: network firewall, intrusion detection system, identity and access management system
• Characteristics of the ITSM environment
  – Complex, collaborative, people with different backgrounds
Example ITSM Tool
• Firewall as a running example
• Filtering packets based on certain characteristics
• Firewalls use rules for this purpose
  – E.g. block every connection from 123.123.100.100
HEURISTICS
1 – Visibility of activity status
Provide users with awareness about the status of the activity distributed over time and space, including the other users involved in the activity, their actions, and distribution of work between them; rules that govern the activity; tools, information, and material that are used in the activity; and progress toward the activity objective. Provide communication channels for transferring the status of the activity. While providing awareness is crucial, provide awareness only about what a user needs to know to complete his actions.
1 – Visibility of activity status
• Providing communication channels
• Provide shared view of the system state
• Provide information about who is responsible
• Don’t show all the firewall rules
Diagram labels: Security admin, Employee, Firewall
2- History of actions and changes on artifacts
Allow capturing the history of actions and changes on tools or other artefacts such as policies, logs, and communication between users. Provide a means for searching and analyzing historical information.
2- History of actions and changes on artifacts
- Provide archiving
- History of actions
- Data correlation and filtering
Diagram labels: Security Admin 1, Security Admin 2, Firewall
3- Flexible representation of information
Allow changing the representation of information to suit the target audience and their current task. Support flexible reports. Allow tools to change the representation of their input/output for flexible combination with other tools.
3- Flexible representation of information
• Different presentation formats or multiple views
• Flexible reporting
• Different methods of interaction with the tool
• Combinable tools
• Customizable tools
Diagram labels: Firewall, Packet analyzer, Manager, Security Admin; Malicious network activity; "What are the source IP addresses?"; "Total number/month?"
4- Rules and constraints
Promote rules and constraints on ITSM activities, but provide freedom for users to choose different paths that respect the constraints. Constraints can be enforced in multiple layers. For example, a tool could constrain the possible actions based on the task, the chosen strategy for performing the task (e.g., the order of performing actions), the social and organizational structure (e.g., number of subjects involved in the task, policies, standards), and the competency of the user.
4- Rules and constraints
- Allow application of different policies
- List actions in hierarchical fashion
Diagram labels: Security Admin, Firewall; "Standards? Organization policy? …"
5- Planning and dividing work between users
Facilitate dividing work between the users involved in an activity. For routine and pre-determined tasks, allow incorporation of a workflow. For unknown conditions, allow generation of new work plans and incorporation of new users.
5- Planning and dividing work between users
• Support workflow
• Task prioritization
Diagram labels: Subdomain A notifications, Subdomain B notifications, Subdomain C notifications; Security Admin 1, Security Admin 2, Security Admin 3
6- Capturing, sharing, and discovery of knowledge
Allow users to capture and store their knowledge explicitly by generating documents, web pages, scripts, and notes, or implicitly by providing access to a history of their previous actions. Tools could then facilitate sharing such knowledge with other users. Furthermore, tools should facilitate discovery of the required knowledge source, including artefacts or a person who possesses the knowledge, and provide means of communicating with the person who possesses the knowledge.
6- Capturing, sharing, and discovery of knowledge
- Knowledge sharing
- Support scripts
- Tagging / Wiki / Social Navigation
- Communication channel
Diagram labels: Security admin in organization 1, Security admin in organization 2, Firewall in organization 1, Firewall in organization 2, Internet; "There is a new attack that exploits port 22 …"
7- Verification of knowledge
For critical ITSM activities, tools should help SPs validate their knowledge about the actions that are required to perform the activity. Allow users to validate their knowledge by performing actions and validating the results on a test system before applying them to the real system. Allow users to document the required actions in the form of a note or a script; this helps the users or their colleagues to review the required actions before applying them on the system.
7- Verification of knowledge
• Rehearsal and planning
• Manageable configuration
Diagram labels: Test, Real, Online sources in the internet, Security admin
Nielsen's HEURISTICS
1 - Visibility of system status
The system should always keep users informed about what is going on, through appropriate feedback within reasonable time.
1 - Visibility of system status : example
Firewall rules:
Block all connections to the range (192.168.0.1 - 192.168.0.255)
Allow connections to 192.168.0.1 port 22
Diagram labels: Firewall, Security Admin
2 - Match between system and the real world
The system should speak the users' language, with words, phrases and concepts familiar to the user, rather than system-oriented terms. It should follow real-world conventions, making information appear in a natural and logical order.
2 - Match between system and the real world : example
Firewall rules:
eth0 inbound on port 22 block
Diagram labels: eth 0, eth 1, Security Admin
3 - User control and freedom
Users often choose system functions by mistake and will need a clearly marked "emergency exit" to leave the unwanted state without having to go through an extended dialogue. Support undo and redo.
3 - User control and freedom : example
Firewall rules:
A X
B X
C X
4 - Consistency and standards
Users should not have to wonder whether different words, situations, or actions mean the same thing. Follow platform conventions and terminology which are familiar to the user.
4 - Consistency and standards : example
Firewall rules file:
eth0 inbound … block
Block all incoming connections on eth 0
Block all incoming connections on eth 1
Block all incoming connections on eth 2
…
Firewall UI:
Diagram labels: Firewall, Security Admin
5 - Error prevention
Even better than good error messages is a careful design which prevents a problem from occurring in the first place. Either eliminate error-prone conditions or check for them and present users with a confirmation option before they commit to the action.
5 - Error prevention : example
Firewall rules:
Block all connections on port 22
Allow connections on port 22 for subnetwork1
Are you sure … ?
6 - Recognition rather than recall
Minimize the user's memory load by making objects, actions, and options visible. The user should not have to remember information from one part of the dialogue to another. Instructions for use of the system should be visible or easily retrievable whenever appropriate.
6 - Recognition rather than recall : example
Write the rule in the following text box:
Write the rule in the following:
interface From To Port
Diagram labels: Firewall, Security Admin
7 - Flexibility and efficiency of use
Accelerators -- unseen by the novice user -- may often speed up the interaction for the expert user such that the system can cater to both inexperienced and experienced users. Allow users to tailor frequent actions.
7 - Flexibility and efficiency of use : example
Write the rule in the following text box:
Write the rule in the following:
interface From To Port
8 - Aesthetic and minimalist design
Dialogues should not contain information which is irrelevant or rarely needed. Every extra unit of information in a dialogue competes with the relevant units of information and diminishes their relative visibility.
8 - Aesthetic and minimalist design : example
9 - Help users recognize, diagnose, and recover from errors
Error messages should be expressed in plain language (no codes), precisely indicate the problem, and constructively suggest a solution.
9 - Help users recognize, diagnose, and recover from errors : example
Allow connections on port 22 for subnetwork1
• Error
• Error 22
• Error – rule can’t be added
• Error – Rule is in conflict with the rule number 34
• Error – The port number is not valid
• Error – The port number should be between 1~1024
Diagram labels: Firewall, Security Admin
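The contrast on this slide, combined with the conflicting-rule case from heuristic 5, as an added example that is not part of the original slides: a check that returns messages of the specific kind listed above instead of a bare "Error 22". The `Rule` type, the first-match-wins ordering, the sample 10.1.0.0/16 subnet and the use of the slide's 1 to 1024 range as the accepted ports are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Range from the slide's last message; assumed to be what the tool accepts.
PORT_MIN, PORT_MAX = 1, 1024

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "block"
    network: str  # CIDR block; "0.0.0.0/0" stands for "all connections"
    port: int

def check_new_rule(existing, new):
    """Return plain-language problems with appending `new`; [] means it is safe to add.

    Assumes first-match-wins evaluation, so an earlier rule that covers the
    same traffic with the opposite action silently overrides the new one.
    """
    if not PORT_MIN <= new.port <= PORT_MAX:
        return [f"The port number {new.port} is not valid. "
                f"The port number should be between {PORT_MIN} and {PORT_MAX}."]
    problems = []
    new_net = ip_network(new.network)
    for number, old in enumerate(existing, start=1):
        covers = old.port == new.port and new_net.subnet_of(ip_network(old.network))
        if covers and old.action != new.action:
            problems.append(
                f"Rule is in conflict with rule number {number} "
                f"({old.action} {old.network} port {old.port}), which is matched first. "
                f"Move the new rule above rule {number} or narrow rule {number}.")
    return problems

# Constructed sample: rule 1 blocks port 22 everywhere; 10.1.0.0/16 plays "subnetwork1".
RULES = [Rule("block", "0.0.0.0/0", 22)]

if __name__ == "__main__":
    for candidate in (Rule("allow", "10.1.0.0/16", 22),
                      Rule("allow", "10.1.0.0/16", 70000),
                      Rule("allow", "10.1.0.0/16", 80)):
        print(candidate, check_new_rule(RULES, candidate) or "OK")
```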
10 - Help and documentation
Even though it is better if the system can be used without documentation, it may be necessary to provide help and documentation. Any such information should be easy to search, focused on the user's task, list concrete steps to be carried out, and not be too large.
10 - Help and documentation : example
Write the rule in the following text box:
Write the rule in the following:
interface From To Port ?
Diagram labels: Security admin, Firewall, Firewall UI
IDENTITY MANAGEMENT SYSTEM
The target system for heuristic evaluation
Identity management system
Diagram labels: Neteauto, Sales rep.
Source: Identity Lifecycle Management Flash Demo (http://www.ca.com/us/identity-management.aspx#documents)
Identity management system
Diagram labels: Sales rep., VP Sales, Security admin, Previous sales reports, IdM System
Identity management system
Certification Process
Diagram labels: Notification, IdM System, VP Sales, Security admin, Employees
System Demo