In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Eighth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2014)
Title: Engaging Stakeholders in Security Design: An Assumption-Driven Approach
Author(s): Shamal Faily
Keywords: Personas, Scenarios, Requirements, Risks, Context
Abstract: System stakeholders fail to engage with security until comparatively late in the design and development process. User Experience artefacts like personas and scenarios create this engagement, but creating and contextualising them is difficult without real-world, empirical data; such data cannot be easily elicited from disengaged stakeholders. This paper presents an approach for engaging stakeholders in the elicitation and specification of security requirements at a late-stage of a system's design; this approach relies on assumption-based personas and scenarios, which are aligned with security and requirements analysis activities. We demonstrate this approach by describing how it was used to elicit security requirements for a medical research portal.
Download count: 1328
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.