UX research for Security Dashboard
What questions are you trying to answer?
We are creating a Security Dashboard that will allow Security teams to leverage Security Products features (like SAST, Dependency Scanning, etc.) to manage application security.
We want to know the right approach for the Security Dashboard, with answers to the following questions (and more):
- which data do we have to report in the dashboard?
- which are the top features that will be useful to security teams?
- which actions will start from there?
- which factors will define the "impact" of a vulnerability?
- which view is required for the dashboard to be effective?
- do we need to focus on project, group, or instance dashboards?
- do we need to make the "target" a custom list?
- what is the value of having a "security history"?
- ...more?
What assumptions do you have?
We assume that:
- the dashboard will be the primary tool for security teams
- since it will focus on security teams, it doesn't need to focus on developers too (we already have reports for them)
- we want this board to work by convention, so that there is more convention than configuration
- security teams focus on "impact" to prioritize their work; issues with higher impact should be addressed first
Ultimately, what would you like to get out of the research?
What a Security Dashboard should look like, and which are the must-have features, to make it useful for Security Teams (not developers).
What's the latest date that the research will still be useful to you?
We have already started to develop a Security Dashboard, and we are working to solve technical constraints that prevent it from evolving. But we expect to work in the right direction and to have it fully done in a few releases.
Links
Progress
- Read Security Dashboard MVC and related designs/issues [Deadline: Thurs July 5th]
- Review 3-4 security dashboards [Deadline: Fri July 13th]
- Identify 10 features that the dashboards have in common [Deadline: Weds July 18th]
- Analyze product review sites (for example, https://www.g2crowd.com/). [Deadline: Fri July 20th]
- Analyze social media (in particular Reddit, LinkedIn, Twitter and HackerNews). [Deadline: Mon July 23rd]
- Schedule Meeting with Security area UX Designer [Deadline: Tues July 17th]
- Meet with Security area UX Designer to discuss research findings [Meeting: Weds July 25th]
- Collate findings into a report format. [Deadline: Fri July 27th]
- Collate documentation on security dashboards into a shared Google folder. [Deadline: Weds Aug 1st]
- Add link to report to issue description [Deadline: Fri Aug 3rd]
- Provide updates in this issue and Q3 OKR Epic [Deadline: Fri Aug 3rd]
- Add report to UX Research Archive [Deadline: Fri Aug 3rd]
Security Dashboard Research Report
https://drive.google.com/file/d/1hHZ6PgFvQvKPgiPQ0cNU7MZ81H-YTXYO/view?usp=sharing