Faily, S., 2014. Engaging Stakeholders in Security Design: An Assumption-Driven Approach. In: International Symposium on Human Aspects on Information Security & Assurance (HAISA 2014), 8--10 July 2014, Plymouth University.
Full text available as:
|
PDF
fail14.pdf - Published Version 233kB | |
Copyright to original material in this document is with the original owner(s). Access to this content through BURO is granted on condition that you use it only for research, scholarly or other non-commercial purposes. If you wish to use it for any other purposes, you must contact BU via BURO@bournemouth.ac.uk. Any third party copyright material in this document remains the property of its respective owner(s). BU grants no licence for further use of that third party material. |
Abstract
System stakeholders fail to engage with security until comparatively late in the design and development process. User Experience artefacts like personas and scenarios create this engagement, but creating and contextualising them is difficult without real-world, empirical data; such data cannot be easily elicited from disengaged stakeholders. This paper presents an approach for engaging stakeholders in the elicitation and specification of security requirements at a late-stage of a system's design; this approach relies on assumption-based personas and scenarios, which are aligned with security and requirements analysis activities. We demonstrate this approach by describing how it was used to elicit security requirements for a medical research portal.
Item Type: | Conference or Workshop Item (Paper) |
---|---|
Uncontrolled Keywords: | Personas, Scenarios, Requirements, Risks, Context |
Group: | Faculty of Science & Technology |
ID Code: | 22055 |
Deposited By: | Symplectic RT2 |
Deposited On: | 09 Jun 2015 09:00 |
Last Modified: | 14 Mar 2022 13:51 |
Downloads
Downloads per month over past year
Repository Staff Only - |