Search results

1 – 4 of 4
Article
Publication date: 16 August 2021

Shamal Faily, Claudia Iacob, Raian Ali and Duncan Ki-Aries

Abstract

Purpose

This paper aims to present a tool-supported approach for visualising personas as social goal models, which can subsequently be used to identify security tensions.

Design/methodology/approach

The authors devised an approach to partially automate the construction of social goal models from personas. The authors provide two examples of how this approach can identify previously hidden implicit vulnerabilities and validate ethical hazards faced by penetration testers and their safeguards.

Findings

Visualising personas as goal models makes it easier for stakeholders to see implications of their goals being satisfied or denied and designers to incorporate the creation and analysis of such models into the broader requirements engineering (RE) tool-chain.

Originality/value

The approach can be used with minimal changes to existing user experience and goal modelling approaches and security RE tools.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 17 June 2019

Andrew M’manga, Shamal Faily, John McAlaney, Chris Williams, Youki Kadobayashi and Daisuke Miyamoto

Abstract

Purpose

The purpose of this paper is to investigate security decision-making during risk and uncertain conditions and to propose a normative model capable of tracing the decision rationale.

Design/methodology/approach

The proposed risk rationalisation model is grounded in literature and studies on security analysts’ activities. The model design was inspired by established awareness models including the situation awareness and observe–orient–decide–act (OODA). Model validation was conducted using cognitive walkthroughs with security analysts.

Findings

The results indicate that the model may adequately be used to elicit the rationale or provide traceability for security decision-making. The results also illustrate how the model may be applied to facilitate design for security decision makers.

Research limitations/implications

The proof of concept is based on a hypothetical risk scenario. Further studies could investigate the model’s application in actual scenarios.

Originality/value

The paper proposes a novel approach to tracing the rationale behind security decision-making during risk and uncertain conditions. The research also illustrates techniques for adapting decision-making models to inform system design.

Details

Information & Computer Security, vol. 27 no. 5
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 12 October 2015

Shamal Faily

Downloads
1139

Abstract

Purpose

This paper aims to present an approach where assumption personas are used to engage stakeholders in the elicitation and specification of security requirements at a late stage of a system’s design.

Design/methodology/approach

The author has devised an approach for developing assumption personas for use in participatory design sessions during the later stages of a system’s design. The author validates this approach using a case study in the e-Science domain.

Findings

Engagement follows by focusing on the indirect, rather than direct, implications of security. More design approaches are needed for treating security at a comparatively late stage. Security design techniques should scale to working with sub-optimal input data.

Originality/value

This paper contributes an approach where assumption personas engage project team members when eliciting and specifying security requirements at the late stages of a project.

Details

Information & Computer Security, vol. 23 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 23 November 2010

Shamal Faily and Ivan Fléchais

Downloads
656

Abstract

Purpose

The purpose of this paper is to identify the key cultural concepts affecting security in multi‐organisational systems and align these with design techniques and tools.

Design/methodology/approach

A grounded theory model of security culture was derived from the related security culture literature and empirical data from an e‐Science project. Influencing concepts were derived from these and aligned with recent work on techniques and tools for usable secure systems design.

Findings

Roles and responsibility, sub‐cultural norms and contexts, and different perceptions of requirements were found to be influencing concepts towards a culture of security. These concepts align with recent work on personas, environment models, and related tool support.

Originality/value

This paper contributes a theoretically and empirically grounded model of security culture. This is also the first paper explicitly aligning key concepts of security culture to design techniques and tools.

Details

Information Management & Computer Security, vol. 18 no. 5
Type: Research Article
ISSN: 0968-5227
