Engaging stakeholders during late stage security design with assumption personas

Purpose – This paper aims to present an approach where assumption personas are used to engage stakeholders in the elicitation and specification of security requirements at a late stage of a system’s design. Design/methodology/approach – The author has devised an approach for developing assumption personas for use in participatory design sessions during the later stages of a system’s design. The author validates this approach using a case study in the e-Science domain. Findings – Engagement follows by focusing on the indirect, rather than direct, implications of security. More design approaches are needed for treating security at a comparatively late stage. Security design techniques should scale to working with sub-optimal input data. Originality/value – This paper contributes an approach where assumption personas engage project team members when eliciting and specifying security requirements at the late stages of a project.

MoreLess

Year of publication:	2015
Authors:	Faily, Shamal
Published in:	Information & Computer Security. - Emerald Group Publishing Limited, ISSN 2056-497X, ZDB-ID 2810936-3. - Vol. 23.2015, 4, p. 435-446
Publisher:	Emerald Group Publishing Limited
Subject:	Information security \| Business analysis \| Software engineering

More details

Type of publication:	Article
Type of publication (narrower categories):	research-article
Language:	English
Other identifiers:	10.1108/ICS-10-2014-0066 [DOI]
Source:	Other ZBW resources

Persistent link: https://www.econbiz.de/10014754848