Research Repository

User-centered information security policy development in a post-Stuxnet world.

Faily, Shamal; Fléchais, Ivan

Authors

Shamal Faily

Ivan Fléchais



Abstract

A balanced approach is needed for developing information security policies in Critical National Infrastructure (CNI) contexts. Requirements Engineering methods can facilitate such an approach, but these tend to focus on either security at the expense of usability, or vice-versa; it is also uncertain whether existing techniques are useful when the time available for applying them is limited. In this paper, we describe a case study where Usability and Requirements Engineering techniques were used to derive missing requirements for an information security policy for a UK water company following reports of the Stuxnet worm. We motivate and describe the approach taken while carrying out this case study, and conclude with three lessons informing future efforts to integrate Security, Usability, and Requirements Engineering techniques for secure system design.

Citation

FAILY, S. and FLÉCHAIS, I. 2011. User-centered information security policy development in a post-Stuxnet world. In Proceedings of the 5th International workshop on secure software engineering (SecSE 2011), part of the 6th International conference on availability, reliability and security (ARES 2011), 22-26 Aug 2011, Vienna, Austria. Los Alamitos: IEEE Computer Society [online], pages 716-721. Available from: https://doi.org/10.1109/ARES.2011.111

Conference Name: 5th International workshop on secure software engineering (SecSE 2011), part of the 6th International conference on availability, reliability and security (ARES 2011)
Conference Location: Vienna, Austria
Start Date: Aug 22, 2011
End Date: Aug 26, 2011
Acceptance Date: May 2, 2011
Online Publication Date: Oct 17, 2011
Publication Date: Dec 31, 2011
Deposit Date: Dec 16, 2021
Publicly Available Date: Dec 16, 2021
Publisher: IEEE Computer Society
Pages: 716-721
ISBN: 9781457709791
DOI: https://doi.org/10.1109/ARES.2011.111
Keywords: Systems security; Critical infrastructure; Requirements engineering; User-centred design; User experience
Public URL: https://rgu-repository.worktribe.com/output/1427794

Files

FAILY 2011 User-centered information security (3.5 Mb)
PDF

Copyright Statement
© IEEE



