Engaging Stakeholders in Security Design: An Assumption-Driven Approach.

Faily, S., 2014. Engaging Stakeholders in Security Design: An Assumption-Driven Approach. In: International Symposium on Human Aspects on Information Security & Assurance (HAISA 2014), 8--10 July 2014, Plymouth University.

Full text available as:

fail14.pdf - Published Version



System stakeholders fail to engage with security until comparatively late in the design and development process. User Experience artefacts like personas and scenarios create this engagement, but creating and contextualising them is difficult without real-world, empirical data; such data cannot be easily elicited from disengaged stakeholders. This paper presents an approach for engaging stakeholders in the elicitation and specification of security requirements at a late-stage of a system's design; this approach relies on assumption-based personas and scenarios, which are aligned with security and requirements analysis activities. We demonstrate this approach by describing how it was used to elicit security requirements for a medical research portal.

Item Type:Conference or Workshop Item (Paper)
Uncontrolled Keywords:Personas, Scenarios, Requirements, Risks, Context
Group:Faculty of Science and Technology
ID Code:22055
Deposited By: Unnamed user with email symplectic@symplectic
Deposited On:09 Jun 2015 09:00
Last Modified:09 Jun 2015 09:00


Downloads per month over past year

More statistics for this item...
Repository Staff Only -