Engaging stakeholders in security design: An assumption-driven approach

This source preferred by Shamal Faily

Authors: Faily, S.

http://eprints.bournemouth.ac.uk/22055/

Start date: 8 July 2014

This data was imported from DBLP:

Authors: Faily, S.

Editors: Clarke, N.L. and Furnell, S.

http://eprints.bournemouth.ac.uk/22055/

http://www.informatik.uni-trier.de/~ley/db/conf/haisa/haisa2014.html

Journal: HAISA

Pages: 21-29

Publisher: University of Plymouth

ISBN: 978-1-84102-375-5

This data was imported from Scopus:

Authors: Faily, S.

http://eprints.bournemouth.ac.uk/22055/

Journal: Proceedings of the 8th International Symposium on Human Aspects of Information Security and Assurance, HAISA 2014

Pages: 21-29

ISBN: 9781841023755

System stakeholders fail to engage with security until comparatively late in the design and development process. User Experience artefacts like personas and scenarios create this engagement, but creating and contextualising them is difficult without real-world, empirical data; such data cannot be easily elicited from disengaged stakeholders. This paper presents an approach for engaging stakeholders in the elicitation and specification of security requirements at a late-stage of a system's design; this approach relies on assumption-based personas and scenarios, which are aligned with security and requirements analysis activities. We demonstrate this approach by describing how it was used to elicit security requirements for a medical research portal.

The data on this page was last updated at 04:42 on September 22, 2017.