Investigating the work practices of network security professionals

Abstract

Purpose – The purpose of this paper is to investigate the work practices of network security professionals and to propose a new and robust work practices model of these professionals. Design/methodology/approach – The proposed work practices model is composed by combining the findings of ten notable empirical studies performed so far this century. The proposed model was then validated by an online survey of 125 network security professionals with a wide demographic spread. Findings – The empirical data collected from the survey of network security professionals strongly validate the proposed work practices model. The results also highlight interesting trends for different groups of network security professionals, with respect to performing different security-related activities. Research limitations/implications – Further studies could investigate more closely the links and dependencies between the different activities of the proposed work practices model and tools used by network security professionals to perform these activities. Practical implications – A robust work practices model of network security professionals could hugely assist tool developers in designing usable tools for network security management. Originality/value – This paper proposes a new work practices model of network security professionals, which is built by consolidating existing empirical evidence and validated by conducting a survey of network security professionals. The findings enhance the understanding of tool developers about the day-to-day activities of network security professionals, consequently assisting developers in designing better tools for network security management.