Skip to main content

Research Repository

Advanced Search

Dr Shamal Faily


Ethical dilemmas and dimensions in penetration testing. (2015)
Conference Proceeding
FAILY, S., MCALANEY, J. and IACOB, C. 2015. Ethical dilemmas and dimensions in penetration testing. In Furnell, S.M. and Clarke, N.L. (eds.) Proceedings of the 9th International symposium on human aspects of information security and assurance (HAISA 2015), 1-3 July 2015, Mytilene, Greece. Plymouth: Plymouth University, pages 233-242.

Penetration testers are required to attack systems to evaluate their security, but without engaging in unethical behaviour while doing so. Despite work on hacker values and studies into security practice, there is little literature devoted to the eth... Read More about Ethical dilemmas and dimensions in penetration testing..

Digital rights management: the four perspectives of developers, distributors, users and lawyers. (2015)
Conference Proceeding
MCDONALD, N., FAILY, S., FAVALE, M. and GATZIDIS, C. 2015. Digital rights management: the four perspectives of developers, distributors, users and lawyers. In Furnell, S.M. and Clarke, N.L. (eds.) Proceedings of the 9th International symposium on human aspects of information security and assurance (HAISA 2015), 1-3 July 2015, Mytilene, Greece. Plymouth: Plymouth University, pages 276-285.

Digital Rights Management (DRM) refers to a collection of security mechanisms that are widely deployed on a number of copyright-protected digital assets. However, despite the existence of a number of studies of the technical architectures of rights m... Read More about Digital rights management: the four perspectives of developers, distributors, users and lawyers..

Usability and security by design: a case study in research and development. (2015)
Conference Proceeding
FAILY, S., LYLE, J., FLÉCHAIS, I. and SIMPSON, A. 2015. Usability and security by design: a case study in research and development. In Proceedings of the 2015 Workshop on useable security (USEC 2015), co-located with the 2015 Network and distributed system security symposium (NDSS 2015), 8 February 2015, San Diego, USA. Reston: Internet Society [online]. Available from: https://doi.org/10.14722/usec.2015.23012

There is ongoing interest in utilising user experiences associated with security and privacy to better inform system design and development. However, there are few studies demonstrating how, together, security and usability design techniques can help... Read More about Usability and security by design: a case study in research and development..

Mitigating circumstances in cybercrime: a position paper. (2015)
Conference Proceeding
ALI, R., MCALANEY, J., FAILY, S., PHALP, K. and KATOS, V. 2015. Mitigating circumstances in cybercrime: a position paper. In Wu, Y., Min, G., Georgalas, N., Hu, J., Atzori, L., Jin, X., Jarvis, S., Liu, L. and Agüero Calvo, R. (eds.) CIT/IUCC/DASC/PICom 2015: proceedings of the 3rd International workshop on cybercrimes and emerging web environments (CEWE 2015), part of the 13th IEEE international conference on dependable, autonomic and secure computing (DASC 2015), co-located with the 15th IEEE international conference on computer and information technology (CIT 2015), the 14th IEEE international conference on ubiquitous computing and communications (IUCC 2015), and the 13th IEEE international conference on pervasive intelligence and computing (PICom 2015), 26-28 October 2015, Liverpool, UK. Los Alamitos: IEEE Computer Society [online], pages 1972-1976. Available from: https://doi.org/10.1109/CIT/IUCC/DASC/PICOM.2015.292

This paper argues the need for considering mitigating circumstances in cybercrime. Mitigating circumstances are conditions which moderate the culpability of an offender of a committed offence. Our argument is based on several observations. The cybers... Read More about Mitigating circumstances in cybercrime: a position paper..

Human aspects of digital rights management: the perspective of content developers. [Conference Paper] (2015)
Presentation / Conference
FAVALE, M., MCDONALD, N., FAILY, S. and GATZIDIS, C. 2015. Human aspects of digital rights management: the perspective of content developers. Presented at the 4th International workshop on artificial intelligence and IP law (AIIP 2015): the story(s) of copyright, 9 December 2015, Braga, Portugal.

Legal norms and social behaviours are some of the human aspects surrounding the effectiveness and future of DRM security. Further exploration of these aspects would help unravel the complexities of the interaction between rights protection security a... Read More about Human aspects of digital rights management: the perspective of content developers. [Conference Paper].

Engaging stakeholders during late stage security design with assumption personas. (2015)
Journal Article
FAILY, S. 2015. Engaging stakeholders during late stage security design with assumption personas. Information and computer security [online], 23(4), pages 435-446. Available from: https://doi.org/10.1108/ICS-10-2014-0066

This paper aims to present an approach where assumption personas are used to engage stakeholders in the elicitation and specification of security requirements at a late stage of a system's design. The author has devised an approach for developing ass... Read More about Engaging stakeholders during late stage security design with assumption personas..

The mystery of security design. (2015)
Presentation / Conference
VALLINDRAS, A. and FAILY, S. 2015. The mystery of security design. Presented at the 29th British human computer interaction conference (British HCI 2015), 13-17 July 2015, Lincoln, UK.

Designing for security is hard without security getting in the way of design. Unfortunately, security is often promoted through fear, uncertainty, and doubt (FUD). As a result, the scale of FUD has now become so great that it hinders people's ability... Read More about The mystery of security design..

Embedding professional practice into the cybersecurity curriculum using ethics. (2015)
Presentation / Conference
FAILY, S. and JONES, M. 2015. Embedding professional practice into the cybersecurity curriculum using ethics. Presented at the UK workshop on cybersecurity training and education, 11 June 2015, Liverpool, UK.

Cybersecurity graduates are ready to tackle the technical problems they might face, but employability needs to be incorporated into the curriculum should they wish to tackle ill-defined professional challenges as well. We describe how employability w... Read More about Embedding professional practice into the cybersecurity curriculum using ethics..

Guest editorial preface: special issue on Evolving security and privacy requirements engineering (ESPRE'14) 2014, Sweden. (2015)
Journal Article
BECKERS, K., FAILY, S., LEE, S.-W. and MEAD, N. 2015. Guest editorial preface: special issue on Evolving security and privacy requirements engineering (ESPRE'14) 2014, Sweden. International journal of secure software engineering [online], 6(1), pages iv-vii. Available from: https://bit.ly/3pGkcZD

At the Evolving Security and Privacy Requirements Engineering (ESPRE) workshop, practitioners and researchers interested in security and privacy requirements gather to discuss significant issues in the field. In particular, ESPRE participants probe t... Read More about Guest editorial preface: special issue on Evolving security and privacy requirements engineering (ESPRE'14) 2014, Sweden..

The social psychology of cybersecurity. (2015)
Conference Proceeding
MCALANEY, J., TAYLOR, J. and FAILY, S. 2015. The social psychology of cybersecurity. In Proceedings of the 1st International conference on cyber security for sustainable society, 26-27 February 2015, Coventry, UK. Working papers of the SSN+, 3. London: Sustainable Society Network+, pages 686-689.

As the fields of HCI, cybersecurity and psychology continue to grow and diversify, there is greater overlap between these areas and new opportunities for interdisciplinary collaboration. This paper argues for a focus specifically on the role of socia... Read More about The social psychology of cybersecurity..