Information and Computer Security: Volume 26 Issue 4

Applying the physics of notation to the evaluation of a security and privacy requirements engineering methodology

Vasiliki Diamantopoulou, Haralambos Mouratidis

The purpose of this study is the analysis of a security and privacy requirements engineering methodology. Such methodologies are considered an important part of systems 

Using stage theorizing to make anti-phishing recommendations more effective

Alain Tambe Ebot

This paper aims to review the behavioral phishing literature to understand why anti-phishing recommendations are not very effective and to propose ways of making the…

Establishing information security policy compliance culture in organizations

Eric Amankwa, Marianne Loock, Elmarie Kritzinger

This paper aims to establish that employees’ non-compliance with information security policy (ISP) could be addressed by nurturing ISP compliance culture through the…

A model-based approach to support privacy compliance

Majed Alshammari, Andrew Simpson

Concerns over data-processing activities that may lead to privacy violations or harms have motivated the development of legal frameworks and standards. Further, software…

A grounded theory approach to security policy elicitation

Simon N. Foley, Vivien Rooney

In this paper, the authors consider how qualitative research techniques that are used in applied psychology to understand a person’s feelings and needs provides a means to…

Risk-aware decision support with constrained goal models

Nikolaos Argyropoulos, Konstantinos Angelopoulos, Haralambos Mouratidis, Andrew Fish

The selection of security configurations for complex information systems is a cumbersome process. Decision-making regarding the choice of security countermeasures has to…

Designing blockchain-based SIEM 3.0 system

Natalia Miloslavskaya

Nowadays, to operate securely and legally and to achieve business objectives, secure valuable assets and support uninterrupted business processes, all organizations need…