Skip to main content

Research Repository

Advanced Search

Secure system? Challenge accepted: finding and resolving security failures using security premortems.

Faily, Shamal; Parkin, Simon; Lyle, John

Authors

Shamal Faily

Simon Parkin

John Lyle



Contributors

Shamal Faily
Editor

Ivan Fl�chais
Editor

Lizzie Coles-Kemp
Editor

Abstract

Risk-driven approaches are dominant in secure systems design; these aim to elicit and treat vulnerabilities and the threats exploiting them. Such approaches, however, are so focused on driving risks out of system design, they fail to recognise the usefulness of failure as a vehicle for security innovation. To explore the role of failure as a design tool, we present the security premortem: a participative design technique where participants assume that a system has been exploited, and plausible reasons are given for explaining why. We describe this approach and illustrate how software tools can be used to support it.

Citation

FAILY, S., PARKIN, S. and LYLE, J. 2012. Secure system? Challenge accepted: finding and resolving security failures using security premortems. In Faily, S., Fléchais, I. and Coles-Kemp, L. (eds.) Proceedings of the Designing interactive secure systems workshop (DISS 2012), part of the 26th International BCS human computer interaction conference (HCI 2012): people and computers, 11 September 2012, Birmingham, UK. Swindon: BCS [online], article number 66. Available from: https://doi.org/10.14236/ewic/HCI2012.66

Presentation Conference Type Conference Paper (published)
Conference Name Designing interactive secure systems workshop (DISS 2012), part of the 26th International BCS human computer interaction conference (HCI 2012): people and computers
Start Date Sep 11, 2012
Acceptance Date Sep 11, 2012
Online Publication Date Sep 30, 2012
Publication Date Sep 30, 2012
Deposit Date Dec 10, 2021
Publicly Available Date Dec 10, 2021
Publisher BCS, The Chartered Institute for IT
Peer Reviewed Peer Reviewed
Series Title Electronic workshops in computing
Series ISSN 1477-9358
DOI https://doi.org/10.14236/ewic/HCI2012.66
Keywords Systems security; Security risk analysis; Computer-aided integration of requirements and information security (CAIRIS); Software engineering
Public URL https://rgu-repository.worktribe.com/output/1446694
Related Public URLs (Full proceedings) https://rgu-repository.worktribe.com/output/1446739

Files




You might also like



Downloadable Citations