Skip to main content

Research Repository

Advanced Search

All Outputs (18)

Privacy goals for the data lifecycle. (2022)
Journal Article
HENRIKSEN-BULMER, J., YUCEL, C., FAILY, S. and CHALKIAS, I. 2022. Privacy goals for the data lifecycle. Future internet [online], 14(11), article number 315. Available from: https://doi.org/10.3390/fi14110315

The introduction of Data Protection by Default and Design (DPbDD) brought in as part of the General Data Protection Regulation (GDPR) in 2018, has necessitated that businesses review how best to incorporate privacy into their processes in a transpare... Read More about Privacy goals for the data lifecycle..

Assessing system of systems information security risk with OASoSIS. (2022)
Journal Article
KI-ARIES, D., FAILY, S., DOGAN, H. and WILLIAMS, C. 2022. Assessing system of systems information security risk with OASoSIS. Computers and security [online], 117, article 102690. Available from: https://doi.org/10.1016/j.cose.2022.102690

The term System of Systems (SoS) is used to describe the coming together of independent systems, collaborating to achieve a new or higher purpose. However, the SoS concept is often misunderstood within operational environments, providing challenges t... Read More about Assessing system of systems information security risk with OASoSIS..

Visualising personas as goal models to find security tensions. (2021)
Journal Article
FAILY, S., IACOB, C., ALI, R. and KI-ARIES, D. 2021. Visualising personas as goal models to find security tensions. Information and computer security [online], 29(5), pages 787-815. Available from: https://doi.org/10.1108/ICS-03-2021-0035

This paper aims to present a tool-supported approach for visualising personas as social goal models, which can subsequently be used to identify security tensions. The authors devised an approach to partially automate the construction of social goal m... Read More about Visualising personas as goal models to find security tensions..

Evaluating privacy: determining user privacy expectations on the web. (2021)
Journal Article
PILTON, C., FAILY, S., and HENRIKSEN-BULMER, J. 2021. Evaluating privacy: determining user privacy expectations on the web. Computers and security [online], 105, article 102241. Available from: https://doi.org/10.1016/j.cose.2021.102241

Individuals don’t often have privacy expectations. When asked to consider them, privacy realities were frequently perceived not to meet these expectations. Some websites exploit the trust of individuals by selling, sharing, or analysing their data. W... Read More about Evaluating privacy: determining user privacy expectations on the web..

DPIA in context: applying DPIA to assess privacy risks of cyber physical systems. (2020)
Journal Article
HENRIKSEN-BULMER, J., FAILY, S. and JEARY, S. 2020. DPIA in context: applying DPIA to assess privacy risks of cyber physical systems. Future internet [online], 12(5), article 93. Available from: https://doi.org/10.3390/fi12050093

Cyber Physical Systems (CPS) seamlessly integrate physical objects with technology, thereby blurring the boundaries between the physical and virtual environments. While this brings many opportunities for progress, it also adds a new layer of complexi... Read More about DPIA in context: applying DPIA to assess privacy risks of cyber physical systems..

Exploring the gap between the student expectations and the reality of teamwork in undergraduate software engineering group projects. (2019)
Journal Article
IACOB, C. and FAILY, S. 2019. Exploring the gap between the student expectations and the reality of teamwork in undergraduate software engineering group projects. Journal of systems and software [online], 157, article number 110393. Available from: https://doi.org/10.1016/j.jss.2019.110393

Software engineering group projects aim to provide a nurturing environment for learning about teamwork in software engineering. Since social and teamwork issues have been consistently identified as serious problems in such projects, we aim to better... Read More about Exploring the gap between the student expectations and the reality of teamwork in undergraduate software engineering group projects..

A normative decision-making model for cyber security. (2019)
Journal Article
M'MANGA, A., FAILY, S., MCALANEY, J., WILLIAMS, C., KADOBAYASHI, Y. and MIYAMOTO, D. 2019. A normative decision-making model for cyber security. Information and computer security [online], 27(5), pages 636-646. Available from: https://doi.org/10.1108/ICS-01-2019-0021

The purpose of this paper is to investigate security decision-making during risk and uncertain conditions, and to propose a normative model capable of tracing the decision rationale. The proposed risk rationalisation model is grounded in literature a... Read More about A normative decision-making model for cyber security..

Privacy risk assessment in context: a meta-model based on contextual integrity. (2019)
Journal Article
HENRIKSEN-BULMER, J., FAILY, S. and JEARY, S. 2019. Privacy risk assessment in context: a meta-model based on contextual integrity. Computers and security [online], 82, pages 270-283. Available from: https://doi.org/10.1016/j.cose.2019.01.003

Publishing data in open format is a growing trend, particularly for public bodies who have a legal obligation to make data available as open data. We look at the privacy implications of publishing open data and, in particular, how organisations can m... Read More about Privacy risk assessment in context: a meta-model based on contextual integrity..

Persona-centred information security awareness. (2017)
Journal Article
KI-ARIES, D. and FAILY, S. 2017. Persona-centred information security awareness. Computers and security [online] 70, pages 663-674. Available from: https://doi.org/10.1016/j.cose.2017.08.001

Maintaining Information Security and protecting data assets remains a principal concern for businesses. Many data breaches continue to result from accidental, intentional or malicious human factors, leading to financial or reputational loss. One appr... Read More about Persona-centred information security awareness..

Human aspects of digital rights management: the perspective of content developers. [Journal Article] (2016)
Journal Article
FAVALE, M., MCDONALD, N., FAILY, S. and GATZIDIS, C. 2016. Human aspects of digital rights management: the perspective of content developers. SCRIPTed [online], 13(3), pages 289-304. Available from: https://doi.org/10.2966/scrip.130316.289

Legal norms and social behaviours are some of the human aspects surrounding the effectiveness and future of DRM security. Further exploration of these aspects would help unravel the complexities of the interaction between rights protection security a... Read More about Human aspects of digital rights management: the perspective of content developers. [Journal Article].

Gulfs of expectation: eliciting and verifying differences in trust expectations using personas (2016)
Journal Article
FAILY, S., POWER, D. and FLÉCHAIS, I. 2016. Gulfs of expectation: eliciting and verifying differences in trust expectations using personas. Journal of trust management [online], 3, article number 4. Available from: https://doi.org/10.1186/s40493-016-0025-9

Personas are a common tool used in Human Computer Interaction to represent the needs and expectations of a system's stakeholders, but they are also grounded in large amounts of qualitative data. Our aim is to make use of this data to anticipate the d... Read More about Gulfs of expectation: eliciting and verifying differences in trust expectations using personas.

Engaging stakeholders during late stage security design with assumption personas. (2015)
Journal Article
FAILY, S. 2015. Engaging stakeholders during late stage security design with assumption personas. Information and computer security [online], 23(4), pages 435-446. Available from: https://doi.org/10.1108/ICS-10-2014-0066

This paper aims to present an approach where assumption personas are used to engage stakeholders in the elicitation and specification of security requirements at a late stage of a system's design. The author has devised an approach for developing ass... Read More about Engaging stakeholders during late stage security design with assumption personas..

Guest editorial preface: special issue on Evolving security and privacy requirements engineering (ESPRE'14) 2014, Sweden. (2015)
Journal Article
BECKERS, K., FAILY, S., LEE, S.-W. and MEAD, N. 2015. Guest editorial preface: special issue on Evolving security and privacy requirements engineering (ESPRE'14) 2014, Sweden. International journal of secure software engineering [online], 6(1), pages iv-vii. Available from: https://bit.ly/3pGkcZD

At the Evolving Security and Privacy Requirements Engineering (ESPRE) workshop, practitioners and researchers interested in security and privacy requirements gather to discuss significant issues in the field. In particular, ESPRE participants probe t... Read More about Guest editorial preface: special issue on Evolving security and privacy requirements engineering (ESPRE'14) 2014, Sweden..

Finding and resolving security misusability with misusability cases. (2014)
Journal Article
FAILY, S. and FLÉCHAIS, I. 2016. Finding and resolving security misusability with misusability cases. Requirements engineering [online], 21(2), pages 209-223. Available from: https://doi.org/10.1007/s00766-014-0217-8

Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice-versa. One way of using scenarios to bridge security and usability involves explicitly descr... Read More about Finding and resolving security misusability with misusability cases..

Eliciting policy requirements for critical national infrastructure using the IRIS framework. (2011)
Journal Article
FAILY, S. and FLÉCHAIS, I. 2011. Eliciting policy requirements for critical national infrastructure using the IRIS framework. International journal of secure software engineering [online], 2(4), pages 1-18. Available from: https://doi.org/10.4018/jsse.2011100101

Despite existing work on dealing with security and usability concerns during the early stages of design, there has been little work on synthesising the contributions of these fields into processes for specifying and designing systems. Without a bette... Read More about Eliciting policy requirements for critical national infrastructure using the IRIS framework..

Seeking the philosopher's stone. (2011)
Journal Article
FLÉCHAIS, I. and FAILY, S. 2011. Seeking the philosopher's stone. Interfaces: the quarterly magazine of BCS Interaction Group [online], 86, pages 14-15. Available from: https://www.bcs.org/media/5326/interfaces86-spring2011.pdf

This article describes the unique challenges facing usable security research and design, and introduces three proposals for addressing these. For all intents and purposes, security design is currently a craft, where quality is dependent on individual... Read More about Seeking the philosopher's stone..

Designing and aligning e-science security culture with design. (2010)
Journal Article
FAILY, S. and FLÉCHAIS, I. 2010. Designing and aligning e-science security culture with design. Information management and computer security [online], 18(5): selected papers from the South African information security multi-conference (SAISMC 2010), 17-18 May 2010, Port Elizabeth, South Africa, pages 339-349. Available from: https://doi.org/10.1108/09685221011095254

The purpose of this paper is to identify the key cultural concepts affecting security in multi-organisational systems, and to align these with design techniques and tools. A grounded theory model of security culture was derived from the related secur... Read More about Designing and aligning e-science security culture with design..

Towards tool-support for usable secure requirements engineering with CAIRIS. (2010)
Journal Article
FAILY, S. and FLÉCHAIS, I. 2010. Towards tool-support for usable secure requirements engineering with CAIRIS. International journal of secure software engineering [online], 1(3), pages 56-70. Available from: https://doi.org/10.4018/jsse.2010070104

Understanding how to better elicit, specify, and manage requirements for secure and usable software systems is a key challenge in security software engineering, however, there lacks tool-support for specifying and managing the voluminous amounts of d... Read More about Towards tool-support for usable secure requirements engineering with CAIRIS..