Despite existing work on dealing with security and usability concerns during the early stages of design, there has been little work on synthesising the contributions of these fields into processes for specifying and designing systems. Without a better understanding of how to deal with both concerns at an early stage, the design process risks disenfranchising stakeholders, and resulting systems may not be situated in their contexts of use. This paper presents the IRIS process framework, which guides technique selection when specifying usable and secure systems. The authors illustrate the framework by describing a case study where the process framework was used to derive missing requirements for an information security policy for a UK water company following reports of the Stuxnet worm. The authors conclude with three lessons informing future efforts to integrate Security, Usability, and Requirements Engineering techniques for secure system design.