Assessing system of systems information security risk with OASoSIS. (2022)
Journal Article
KI-ARIES, D., FAILY, S., DOGAN, H. and WILLIAMS, C. 2022. Assessing system of systems information security risk with OASoSIS. Computers and security [online], 117, article 102690. Available from: https://doi.org/10.1016/j.cose.2022.102690

The term System of Systems (SoS) is used to describe the coming together of independent systems, collaborating to achieve a new or higher purpose. However, the SoS concept is often misunderstood within operational environments, providing challenges t... Read More about Assessing system of systems information security risk with OASoSIS..

Visualising personas as goal models to find security tensions. (2021)
Journal Article
FAILY, S., IACOB, C., ALI, R. and KI-ARIES, D. 2021. Visualising personas as goal models to find security tensions. Information and computer security [online], 29(5), pages 787-815. Available from: https://doi.org/10.1108/ICS-03-2021-0035

This paper aims to present a tool-supported approach for visualising personas as social goal models, which can subsequently be used to identify security tensions. The authors devised an approach to partially automate the construction of social goal m... Read More about Visualising personas as goal models to find security tensions..

Evaluating privacy: determining user privacy expectations on the web. (2021)
Journal Article
PILTON, C., FAILY, S., and HENRIKSEN-BULMER, J. 2021. Evaluating privacy: determining user privacy expectations on the web. Computers and security [online], 105, article 102241. Available from: https://doi.org/10.1016/j.cose.2021.102241

Individuals don’t often have privacy expectations. When asked to consider them, privacy realities were frequently perceived not to meet these expectations. Some websites exploit the trust of individuals by selling, sharing, or analysing their data. W... Read More about Evaluating privacy: determining user privacy expectations on the web..

DPIA in context: applying DPIA to assess privacy risks of cyber physical systems. (2020)
Journal Article
HENRIKSEN-BULMER, J., FAILY, S. and JEARY, S. 2020. DPIA in context: applying DPIA to assess privacy risks of cyber physical systems. Future internet [online], 12(5), article 93. Available from: https://doi.org/10.3390/fi12050093

Cyber Physical Systems (CPS) seamlessly integrate physical objects with technology, thereby blurring the boundaries between the physical and virtual environments. While this brings many opportunities for progress, it also adds a new layer of complexi... Read More about DPIA in context: applying DPIA to assess privacy risks of cyber physical systems..

Exploring the gap between the student expectations and the reality of teamwork in undergraduate software engineering group projects. (2019)
Journal Article
IACOB, C. and FAILY, S. 2019. Exploring the gap between the student expectations and the reality of teamwork in undergraduate software engineering group projects. Journal of systems and software [online], 157, article number 110393. Available from: https://doi.org/10.1016/j.jss.2019.110393

Software engineering group projects aim to provide a nurturing environment for learning about teamwork in software engineering. Since social and teamwork issues have been consistently identified as serious problems in such projects, we aim to better... Read More about Exploring the gap between the student expectations and the reality of teamwork in undergraduate software engineering group projects..

A normative decision-making model for cyber security. (2019)
Journal Article
M'MANGA, A., FAILY, S., MCALANEY, J., WILLIAMS, C., KADOBAYASHI, Y. and MIYAMOTO, D. 2019. A normative decision-making model for cyber security. Information and computer security [online], 27(5), pages 636-646. Available from: https://doi.org/10.1108/ICS-01-2019-0021

The purpose of this paper is to investigate security decision-making during risk and uncertain conditions, and to propose a normative model capable of tracing the decision rationale. The proposed risk rationalisation model is grounded in literature a... Read More about A normative decision-making model for cyber security..

Privacy risk assessment in context: a meta-model based on contextual integrity. (2019)
Journal Article
HENRIKSEN-BULMER, J., FAILY, S. and JEARY, S. 2019. Privacy risk assessment in context: a meta-model based on contextual integrity. Computers and security [online], 82, pages 270-283. Available from: https://doi.org/10.1016/j.cose.2019.01.003

Publishing data in open format is a growing trend, particularly for public bodies who have a legal obligation to make data available as open data. We look at the privacy implications of publishing open data and, in particular, how organisations can m... Read More about Privacy risk assessment in context: a meta-model based on contextual integrity..

Persona-centred information security awareness. (2017)
Journal Article
KI-ARIES, D. and FAILY, S. 2017. Persona-centred information security awareness. Computers and security [online] 70, pages 663-674. Available from: https://doi.org/10.1016/j.cose.2017.08.001

Maintaining Information Security and protecting data assets remains a principal concern for businesses. Many data breaches continue to result from accidental, intentional or malicious human factors, leading to financial or reputational loss. One appr... Read More about Persona-centred information security awareness..

Human aspects of digital rights management: the perspective of content developers. [Journal Article] (2016)
Journal Article
FAVALE, M., MCDONALD, N., FAILY, S. and GATZIDIS, C. 2016. Human aspects of digital rights management: the perspective of content developers. SCRIPTed [online], 13(3), pages 289-304. Available from: https://doi.org/10.2966/scrip.130316.289

Legal norms and social behaviours are some of the human aspects surrounding the effectiveness and future of DRM security. Further exploration of these aspects would help unravel the complexities of the interaction between rights protection security a... Read More about Human aspects of digital rights management: the perspective of content developers. [Journal Article].

Gulfs of expectation: eliciting and verifying differences in trust expectations using personas (2016)
Journal Article
FAILY, S., POWER, D. and FLÉCHAIS, I. 2016. Gulfs of expectation: eliciting and verifying differences in trust expectations using personas. Journal of trust management [online], 3, article number 4. Available from: https://doi.org/10.1186/s40493-016-0025-9

Personas are a common tool used in Human Computer Interaction to represent the needs and expectations of a system's stakeholders, but they are also grounded in large amounts of qualitative data. Our aim is to make use of this data to anticipate the d... Read More about Gulfs of expectation: eliciting and verifying differences in trust expectations using personas.