Shamal Faily
Eliciting policy requirements for critical national infrastructure using the IRIS framework.
Faily, Shamal; Fléchais, Ivan
Authors
Ivan Fléchais
Abstract
Despite existing work on dealing with security and usability concerns during the early stages of design, there has been little work on synthesising the contributions of these fields into processes for specifying and designing systems. Without a better understanding of how to deal with both concerns at an early stage, the design process risks disenfranchising stakeholders, and resulting systems may not be situated in their contexts of use. This paper presents the IRIS process framework, which guides technique selection when specifying usable and secure systems. The authors illustrate the framework by describing a case study where the process framework was used to derive missing requirements for an information security policy for a UK water company following reports of the Stuxnet worm. The authors conclude with three lessons informing future efforts to integrate Security, Usability, and Requirements Engineering techniques for secure system design.
Citation
FAILY, S. and FLÉCHAIS, I. 2011. Eliciting policy requirements for critical national infrastructure using the IRIS framework. International journal of secure software engineering [online], 2(4), pages 1-18. Available from: https://doi.org/10.4018/jsse.2011100101
Journal Article Type | Article |
---|---|
Acceptance Date | Oct 1, 2011 |
Online Publication Date | Oct 1, 2011 |
Publication Date | Dec 31, 2011 |
Deposit Date | Sep 16, 2021 |
Publicly Available Date | Dec 21, 2021 |
Journal | International journal of secure software engineering |
Print ISSN | 1947-3036 |
Electronic ISSN | 1947-3044 |
Publisher | IGI Global |
Peer Reviewed | Peer Reviewed |
Volume | 2 |
Issue | 4 |
Pages | 1-18 |
DOI | https://doi.org/10.4018/jsse.2011100101 |
Keywords | Computer-aided integration of requirements and information security (CAIRIS); Integrating requirements and information security (IRIS); Knowledge acquisition in automated specification (KAOS); Misuse cases; User personas |
Public URL | https://rgu-repository.worktribe.com/output/1437191 |
Additional Information | This article has also been published as a book chapter, with the following citation: FAILY, S. and FLÉCHAIS, I. 2013. Eliciting policy requirements for critical national infrastructure using the IRIS framework. In Khan, K.M. (ed.) Developing and evaluating security-aware software systems. Hershey: IGI Global [online], chapter 3, pages 36-55. Available from: https://doi.org/10.4018/978-1-4666-2482-5.ch003 |
Files
FAILY 2011 Eliciting policy requirements for critical
(1.6 Mb)
PDF
Copyright Statement
© IGI Global