publication . Article . 2015

Engaging stakeholders during late stage security design with assumption personas

Shamal Faily
Open Access English
  • Published: 12 Oct 2015
  • Country: United Kingdom
Abstract
Purpose – This paper aims to present an approach where assumption personas are used to engage stakeholders in the elicitation and specification of security requirements at a late stage of a system’s design.

Design/methodology/approach – The author has devised an approach for developing assumption personas for use in participatory design sessions during the later stages of a system’s design. The author validates this approach using a case study in the e-Science domain.

Findings – Engagement follows by focusing on the indirect, rather than direct, implications of security. More design approaches are needed for treating security at a comparat...
Subjects
free text keywords: Management of Technology and Innovation, Computer Networks and Communications, Software, Information Systems and Management, Management Information Systems, Information Systems