Search results

1 – 2 of 2
Open Access
Article
Publication date: 16 August 2021

Shamal Faily, Claudia Iacob, Raian Ali and Duncan Ki-Aries

Abstract

Purpose

This paper aims to present a tool-supported approach for visualising personas as social goal models, which can subsequently be used to identify security tensions.

Design/methodology/approach

The authors devised an approach to partially automate the construction of social goal models from personas. The authors provide two examples of how this approach can identify previously hidden implicit vulnerabilities and validate ethical hazards faced by penetration testers and their safeguards.

Findings

Visualising personas as goal models makes it easier for stakeholders to see implications of their goals being satisfied or denied and designers to incorporate the creation and analysis of such models into the broader requirements engineering (RE) tool-chain.

Originality/value

The approach can be used with minimal changes to existing user experience and goal modelling approaches and security RE tools.

Details

Information & Computer Security, vol. 29 no. 5
Type: Research Article
ISSN: 2056-4961

Open Access
Article
Publication date: 20 June 2024

Joakim Kävrestad, Felicia Burvall and Marcus Nohlberg

Abstract

Purpose

Developing cybersecurity awareness (CSA) is becoming a more and more important goal for modern organizations. CSA is a complex sociotechnical system where social, technical and organizational aspects affect each other in an intertwined way. With the goal of providing a holistic representation of CSA, this paper aims to develop a taxonomy of factors that contribute to organizational CSA.

Design/methodology/approach

The research used a design science approach including a literature review and practitioner interviews. A taxonomy was drafted based on 71 previous research publications. It was then updated and refined in two iterations of interviews with domain experts.

Findings

The result of this research is a taxonomy which outlines six domains of importance for organizational CSA. Each domain includes several activities which can be undertaken to increase CSA within an organization. As such, it provides a holistic overview of the CSA field.

Practical implications

Organizations can adopt the taxonomy to create a roadmap for internal CSA practices. For example, an organization could assess how well it performs in the six main themes and use the subthemes as inspiration when deciding on CSA activities.

Originality/value

The output of this research provides an overview of CSA based on information extracted from existing literature and then reviewed by practitioners. It also outlines how different aspects of CSA are interdependent on each other.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961
