Engaging stakeholders in security design: An assumption-driven approach

Authors: Faily, S.

Journal: Proceedings of the 8th International Symposium on Human Aspects of Information Security and Assurance, HAISA 2014

Pages: 21-29

ISBN: 9781841023755

Abstract:

System stakeholders fail to engage with security until comparatively late in the design and development process. User Experience artefacts like personas and scenarios create this engagement, but creating and contextualising them is difficult without real-world, empirical data; such data cannot be easily elicited from disengaged stakeholders. This paper presents an approach for engaging stakeholders in the elicitation and specification of security requirements at a late-stage of a system's design; this approach relies on assumption-based personas and scenarios, which are aligned with security and requirements analysis activities. We demonstrate this approach by describing how it was used to elicit security requirements for a medical research portal.

https://eprints.bournemouth.ac.uk/22055/

Source: Scopus

Engaging Stakeholders in Security Design: An Assumption-Driven Approach

Authors: Faily, S.

Conference: International Symposium on Human Aspects on Information Security & Assurance (HAISA 2014)

Dates: 8-10 July 2014

https://eprints.bournemouth.ac.uk/22055/

Source: Manual

Engaging Stakeholders in Security Design: An Assumption-Driven Approach.

Authors: Faily, S.

Editors: Clarke, N.L. and Furnell, S.

Journal: HAISA

Pages: 21-29

Publisher: University of Plymouth

ISBN: 978-1-84102-375-5

https://eprints.bournemouth.ac.uk/22055/

http://www.informatik.uni-trier.de/~ley/db/conf/haisa/haisa2014.html

Source: DBLP