Research Repository

Eliciting policy requirements for critical national infrastructure using the IRIS framework.

Faily, Shamal; Fléchais, Ivan

Authors

Shamal Faily

Ivan Fléchais



Abstract

Despite existing work on dealing with security and usability concerns during the early stages of design, there has been little work on synthesising the contributions of these fields into processes for specifying and designing systems. Without a better understanding of how to deal with both concerns at an early stage, the design process risks disenfranchising stakeholders, and resulting systems may not be situated in their contexts of use. This paper presents the IRIS process framework, which guides technique selection when specifying usable and secure systems. The authors illustrate the framework by describing a case study where the process framework was used to derive missing requirements for an information security policy for a UK water company following reports of the Stuxnet worm. The authors conclude with three lessons informing future efforts to integrate Security, Usability, and Requirements Engineering techniques for secure system design.

Citation

FAILY, S. and FLÉCHAIS, I. 2011. Eliciting policy requirements for critical national infrastructure using the IRIS framework. International journal of secure software engineering [online], 2(4), pages 1-18. Available from: https://doi.org/10.4018/jsse.2011100101

Journal Article Type: Article
Acceptance Date: Oct 1, 2011
Online Publication Date: Oct 1, 2011
Publication Date: Dec 31, 2011
Deposit Date: Sep 16, 2021
Publicly Available Date: Mar 28, 2024
Journal: International journal of secure software engineering
Print ISSN: 1947-3036
Electronic ISSN: 1947-3044
Publisher: IGI Global
Peer Reviewed: Peer Reviewed
Volume: 2
Issue: 4
Pages: 1-18
DOI: https://doi.org/10.4018/jsse.2011100101
Keywords: Computer-aided integration of requirements and information security (CAIRIS); Integrating requirements and information security (IRIS); Knowledge acquisition in automated specification (KAOS); Misuse cases; User personas
Public URL: https://rgu-repository.worktribe.com/output/1437191
Additional Information: This article has also been published as a book chapter, with the following citation: FAILY, S. and FLÉCHAIS, I. 2013. Eliciting policy requirements for critical national infrastructure using the IRIS framework. In Khan, K.M. (ed.) Developing and evaluating security-aware software systems. Hershey: IGI Global [online], chapter 3, pages 36-55. Available from: https://doi.org/10.4018/978-1-4666-2482-5.ch003

Files

FAILY 2011 Eliciting policy requirements for critical (1.6 Mb)
PDF

Copyright Statement
© IGI Global



