Faily, S., 2015. Engaging Stakeholders during Late Stage Security Design with Assumption Personas. Information and Computer Security, 23 (4), pp. 435-446.
Full text available as:
PDF (OPEN ACCESS ARTICLE)
ICS-10-2014-0066.pdf - Accepted Version
Available under License Creative Commons Attribution.
Purpose – This paper aims to present an approach where assumption personas are used to engage stakeholders in the elicitation and specification of security requirements at a late stage of a system’s design. Design/methodology/approach – The author has devised an approach for developing assumption personas for use in participatory design sessions during the later stages of a system’s design. The author validates this approach using a case study in the e-Science domain. Findings – Engagement follows by focusing on the indirect, rather than direct, implications of security. More design approaches are needed for treating security at a comparatively late stage. Security design techniques should scale to working with sub-optimal input data. Originality/value – This paper contributes an approach where assumption personas engage project team members when eliciting and specifying security requirements at the late stages of a project.
|Uncontrolled Keywords:||Information security, Business analysis, Software engineering|
|Group:||Faculty of Science and Technology|
|Deposited By:||Unnamed user with email symplectic@symplectic|
|Deposited On:||19 Oct 2015 10:15|
|Last Modified:||19 Oct 2015 10:15|
Downloads per month over past year
|Repository Staff Only -|