publication . Article . 2015

Engaging stakeholders during late stage security design with assumption personas

Shamal Faily
  • Published: 12 Oct 2015
  • Country: United Kingdom
Abstract
Purpose – This paper aims to present an approach where assumption personas are used to engage stakeholders in the elicitation and specification of security requirements at a late stage of a system’s design.

Design/methodology/approach – The author has devised an approach for developing assumption personas for use in participatory design sessions during the later stages of a system’s design. The author validates this approach using a case study in the e-Science domain.

Findings – Engagement follows by focusing on the indirect, rather than direct, implications of security. More design approaches are needed for treating security at a comparat...
Subjects
free text keywords: Management of Technology and Innovation, Computer Networks and Communications, Software, Information Systems and Management, Management Information Systems, Information Systems, Information security, Process management, Participatory design, Persona, Business analysis, Project team, Originality, media_common.quotation_subject, media_common, Security design, Knowledge management, business.industry, business, Engineering
23 references, page 1 of 2

Cooper, A.R. and Cronin, D. (2007), About Face 3: The Essentials of Interaction Design, John Wiley & Sons, Hoboken, NJ.

Crichton, C., Davies, J., Gibbons, J., Harris, S., Tsui, A. and Brenton, J. (2009), “Metadata-driven software for clinical trials”, Proceedings of the 2009 ICSE Workshop on Software Engineering in Health Care, IEEE Computer Society, pp. 1-11.

Dray, S.M. (2014), “Questioning assumptions: UX research that really matters”, Interactions, Vol. 21 No. 2, pp. 82-85. [OpenAIRE]

Faily, S. (2011), “A framework for usable and secure system design”, PhD thesis, University of Oxford. [OpenAIRE]

Faily, S. (2013), “CAIRIS web site”, available at: http://github.com/failys/CAIRIS (accessed 13 October 2014).

Faily, S. and Fléchais, I. (2010), “Barry is not the weakest link: eliciting secure system requirements with Personas”, Proceedings of the 24th BCS Interaction Specialist Group Conference, BCS '10, British Computer Society, pp. 124-132.

Faily, S. and Fléchais, I. (2010a), “A meta-model for usable secure requirements engineering”, Proceedings of the 6th International Workshop on Software Engineering for Secure Systems, IEEE Computer Society, pp. 126-135. [OpenAIRE]

Faily, S. and Fléchais, I. (2010b), “The secret lives of assumptions: developing and refining assumption personas for secure system design”, Proceedings of the 3rd Conference on Human-Centered Software Engineering, Springer, pp. 111-118. [OpenAIRE]

Faily, S. and Fléchais, I. (2011), “User-centered information security policy development in a post-Stuxnet world”, Proceedings of the 6th International Conference on Availability, Reliability and Security, pp. 716-721. [OpenAIRE]

Faily, S. and Lyle, J. (2013), “Guidelines for integrating personas into software engineering tools”, Proceedings of the 5th ACM SIGCHI Symposium on Engineering Interactive Computing Systems, EICS '13, ACM, pp. 69-74. [OpenAIRE]

Fléchais, I. (2005), “Designing secure and usable systems”, PhD thesis, University College, London. [OpenAIRE]

Fléchais, I., Mascolo, C. and Sasse, M.A. (2007), “Integrating security and usability into the requirements and design process”, International Journal of Electronic Security and Digital Forensics, Vol. 1 No. 1, pp. 12-26.

Martin, A., Davies, J. and Harris, S. (2010), “Towards a framework for security in e-Science”, IEEE E-Science 2010 Conference, Oxford University, Oxford.

National Center for Biotechnology Information. (2014), “PubMed.gov”, available at: www.ncbi.nlm.nih.gov/pubmed (accessed 13 October 2014).

Parkin, S., van Moorsel, A., Inglesant, P. and Angela, S.M. (2010), “A stealth approach to usable security: helping IT security managers to identify workable security solutions”, Proceedings of the 2010 Workshop on New Security Paradigms, NSPW '10, ACM, pp. 33-50.
