{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T21:08:06Z","timestamp":1743023286519,"version":"3.40.3"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319728162"},{"type":"electronic","value":"9783319728179"}],"license":[{"start":{"date-parts":[[2017,12,22]],"date-time":"2017-12-22T00:00:00Z","timestamp":1513900800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-72817-9_15","type":"book-chapter","created":{"date-parts":[[2017,12,21]],"date-time":"2017-12-21T16:44:29Z","timestamp":1513874669000},"page":"229-249","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["What Users Want: Adapting Qualitative Research Methods to Security Policy Elicitation"],"prefix":"10.1007","author":[{"given":"Vivien M.","family":"Rooney","sequence":"first","affiliation":[]},{"given":"Simon N.","family":"Foley","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,12,22]]},"reference":[{"doi-asserted-by":"crossref","unstructured":"Adams, A., Lunt, P., Cairns, P.: A qualititative approach to HCI research. In: Cairns, P., Cox, A. (eds.) Research Methods for Human-Computer Interaction. Cambridge University Press (2008)","key":"15_CR1","DOI":"10.1017\/CBO9780511814570.008"},{"issue":"12","key":"15_CR2","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1145\/322796.322806","volume":"42","author":"A Adams","year":"1999","unstructured":"Adams, A., Sasse, M.: Users are not the enemy. CACM 42(12), 40\u201346 (1999)","journal-title":"CACM"},{"doi-asserted-by":"crossref","unstructured":"Ahern, S., Eckles, D., Good, N.S., King, S., Naaman, M.: Over-exposed? Privacy patterns and considerations in online and mobile photo sharing. In: SIGCHI Conference on Human Factors in Computing Systems, pp. 357\u2013366 (2007)","key":"15_CR3","DOI":"10.1145\/1240624.1240683"},{"doi-asserted-by":"crossref","unstructured":"Basin, D., Doser, J., Lodderstedt, T.: Model driven security for process-oriented systems. In: Symposium on Access control Models and Technologies (2003)","key":"15_CR4","DOI":"10.1145\/775412.775425"},{"key":"15_CR5","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/978-94-011-2094-4_6","volume-title":"European Conference on Computer Supported Cooperative Work","author":"V Bellotti","year":"1993","unstructured":"Bellotti, V., Sellen, A.: Design for privacy in ubiquitous computing environments. In: de Michelis, G., Simone, C., Schmidt, K. (eds.) European Conference on Computer Supported Cooperative Work, pp. 77\u201392. Springer, Dordrecht (1993). https:\/\/doi.org\/10.1007\/978-94-011-2094-4_6"},{"issue":"1","key":"15_CR6","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1109\/TSE.2007.70746","volume":"34","author":"T Breaux","year":"2008","unstructured":"Breaux, T., Ant\u00f3n, A.: Analyzing regulatory rules for privacy and security requirements. IEEE Trans. Softw. Eng. 34(1), 5\u201320 (2008)","journal-title":"IEEE Trans. Softw. Eng."},{"unstructured":"Cadiz, J., Gupta, A.: Privacy interfaces for collaboration. Technical report MSR-TR-2001-82, Microsoft Research, Redmond, WA (2001)","key":"15_CR7"},{"issue":"5","key":"15_CR8","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1109\/MSP.2016.95","volume":"14","author":"DD Caputo","year":"2016","unstructured":"Caputo, D.D., Pfleeger, S.L., Sasse, M.A., Ammann, P., Offutt, J., Deng, L.: Barriers to usable security? Three organizational case studies. IEEE Secur. Priv. 14(5), 22\u201332 (2016). https:\/\/doi.org\/10.1109\/MSP.2016.95","journal-title":"IEEE Secur. Priv."},{"key":"15_CR9","volume-title":"Constructing Grounded Theory","author":"K Charmaz","year":"2006","unstructured":"Charmaz, K.: Constructing Grounded Theory. Sage Publications, London (2006)"},{"issue":"1\/2","key":"15_CR10","doi-asserted-by":"crossref","first-page":"6","DOI":"10.1108\/18363261011106858","volume":"3","author":"K Charmaz","year":"2010","unstructured":"Charmaz, K.: Disclosing illness and disability in the workplace. J. Int. Educ. Bus. 3(1\/2), 6\u201319 (2010)","journal-title":"J. Int. Educ. Bus."},{"unstructured":"Darwiche, A., et al.: SamIam: Sensitivity Analysis, Modeling, Inference and More. UCLA Automated Reasoning Group. http:\/\/reasoning.cs.ucla.edu\/samiam\/ . Accessed 07 July 2017","key":"15_CR11"},{"unstructured":"Dodier-Lazaro, S., Abu-Salma, R., Becker, I., Sasse, M.A.: From paternalistic to user-centred security: putting users first with value-sensitive design. In: Proceedings of the 3rd CHI Workshop on Values in Computing (2017)","key":"15_CR12"},{"issue":"6","key":"15_CR13","doi-asserted-by":"crossref","first-page":"391","DOI":"10.1007\/s00779-004-0308-5","volume":"8","author":"P Dourish","year":"2004","unstructured":"Dourish, P., Grinter, E., de la Flor, J.D., Joseph, M.: Security in the wild: user strategies for managing security as an everyday, practical problem. Pers. Ubiquit. Comput. 8(6), 391\u2013401 (2004)","journal-title":"Pers. Ubiquit. Comput."},{"issue":"3","key":"15_CR14","doi-asserted-by":"crossref","first-page":"53","DOI":"10.5381\/jot.2003.2.3.c6","volume":"2","author":"D Firesmith","year":"2003","unstructured":"Firesmith, D.: Security use cases. J. Object Technol. 2(3), 53\u201364 (2003)","journal-title":"J. Object Technol."},{"issue":"1","key":"15_CR15","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1504\/IJESDF.2007.013589","volume":"1","author":"I Flechais","year":"2007","unstructured":"Flechais, I., Mascolo, C., Sasse, M.: Integrating security and usability into the requirements and design process. Int. J. Electron. Secur. Digit. Forensic 1(1), 12\u201326 (2007)","journal-title":"Int. J. Electron. Secur. Digit. Forensic"},{"key":"15_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"298","DOI":"10.1007\/978-3-642-36213-2_33","volume-title":"Security Protocols XVII","author":"SN Foley","year":"2013","unstructured":"Foley, S.N., Rooney, V.M.: Qualitative analysis for trust management. In: Christianson, B., Malcolm, J.A., Maty\u00e1\u0161, V., Roe, M. (eds.) Security Protocols 2009. LNCS, vol. 7028, pp. 298\u2013307. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-36213-2_33"},{"doi-asserted-by":"crossref","unstructured":"Hakkila, J., Chatfield, C.: It\u2019s like if you opened someone else\u2019s letter: user perceived privacy and social practices with SMS communication. In: CHI 05: MobileCHI, 7th International Conference on Human Computer Interaction with Mobile Devices and Services, pp. 357\u2013366 (2005)","key":"15_CR17","DOI":"10.1145\/1085777.1085814"},{"doi-asserted-by":"crossref","unstructured":"Inglesant, P., Sasse, A., Chadwick, D., Shi, L.: Expressions of expertness: the virtuous circle of natural language for access control policy specification. In: Symposium on Usable Privacy and Security (SOUPS) 2008, Pittsburg, PA, USA (2008)","key":"15_CR18","DOI":"10.1145\/1408664.1408675"},{"doi-asserted-by":"crossref","unstructured":"Jendricke, U., Gerd tom Markotten, D.: Usability meets security - the identity-manager as your personal security assistant for the internet. In: 16th Annual Computer Security Applications Conference (2000)","key":"15_CR19","DOI":"10.1109\/ACSAC.2000.898889"},{"key":"15_CR20","series-title":"Learning the Craft of Qualitative Research Interviewing","volume-title":"InterViews","author":"S Kvale","year":"2009","unstructured":"Kvale, S., Brinkmann, S.: InterViews. Learning the Craft of Qualitative Research Interviewing, 2nd edn. Sage Publications, London (2009)","edition":"2"},{"key":"15_CR21","doi-asserted-by":"crossref","first-page":"191","DOI":"10.1016\/0167-9473(93)E0056-A","volume":"19","author":"S Lauritzen","year":"1995","unstructured":"Lauritzen, S.: The EM algorithm for graphical association models with missing data. Comput. Stat. Data Anal. 19, 191\u2013201 (1995)","journal-title":"Comput. Stat. Data Anal."},{"key":"15_CR22","series-title":"Studies in Computational Intelligence","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1007\/978-3-642-05183-8_6","volume-title":"Advances in Intelligent Information Systems","author":"F Massacci","year":"2010","unstructured":"Massacci, F., Mylopoulos, J., Zannone, N.: Security requirements engineering: the SI* modeling language and the secure tropos methodology. In: Ras, Z.W., Tsay, L.S. (eds.) Advances in Intelligent Information Systems. Studies in Computational Intelligence, vol. 265, pp. 147\u2013174. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-05183-8_6"},{"issue":"2","key":"15_CR23","doi-asserted-by":"crossref","first-page":"285","DOI":"10.1142\/S0218194007003240","volume":"17","author":"H Mouratidis","year":"2007","unstructured":"Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. 17(2), 285\u2013309 (2007)","journal-title":"Int. J. Softw. Eng. Knowl. Eng."},{"doi-asserted-by":"crossref","unstructured":"O\u2019Connell, D.C., Kowal, S.: Basic principles of transcription. In: Smith, J.A., Harre, R., Van Langenhove, L. (eds.) Rethinking Methods in Psychology. Part II, Discourse as Topic, Chap. 7. Sage Publications, London (1995)","key":"15_CR24","DOI":"10.4135\/9781446221792.n7"},{"doi-asserted-by":"crossref","unstructured":"Onabajo, A., Jahnke, J.: Properties of confidentiality requirements. In: 19th IEEE Symposium on Computer-Based Medical Systems (2006)","key":"15_CR25","DOI":"10.1109\/CBMS.2006.133"},{"issue":"6","key":"15_CR26","doi-asserted-by":"crossref","first-page":"525","DOI":"10.1080\/01449290701288379","volume":"28","author":"H Parkkola","year":"2009","unstructured":"Parkkola, H., Saariluoma, P., Berki, E.: Action-oriented classification of families\u2019 information and communication actions: exploring mothers\u2019 viewpoints. Behaviour and Information Technology 28(6), 525\u2013536 (2009)","journal-title":"Behaviour and Information Technology"},{"doi-asserted-by":"crossref","unstructured":"Rashid, A., et al.: Discovering \u201cunknown known\u201d security requirements. In: International Conference on Software Engineering. ACM Press (2016)","key":"15_CR27","DOI":"10.1145\/2884781.2884785"},{"issue":"4","key":"15_CR28","doi-asserted-by":"crossref","first-page":"557","DOI":"10.1109\/32.799955","volume":"25","author":"C Seaman","year":"1999","unstructured":"Seaman, C.: Qualitative methods in empirical studies of software engineering. IEEE Trans. Softw. Eng. 25(4), 557\u2013572 (1999)","journal-title":"IEEE Trans. Softw. Eng."},{"issue":"2","key":"15_CR29","doi-asserted-by":"crossref","first-page":"111","DOI":"10.1080\/01449290512331321910","volume":"24","author":"S Srivastava","year":"2005","unstructured":"Srivastava, S.: Mobile phones and the evolution of social behaviour. Behav. Inf. Technol. 24(2), 111\u2013129 (2005)","journal-title":"Behav. Inf. Technol."},{"doi-asserted-by":"crossref","unstructured":"Thomas, K., Bandara, A., Price, B., Nuseibeh, B.: Distilling privacy requirements for mobile applications. In: 36th International Conference on Software Engineering (ICSE2014), 31 May-7 June, 2014, Hyderabad, India, pp. 871\u2013882 (2014)","key":"15_CR30","DOI":"10.1145\/2568225.2568240"},{"key":"15_CR31","doi-asserted-by":"crossref","first-page":"A1","DOI":"10.1016\/j.compedu.2016.12.002","volume":"106","author":"P Twining","year":"2017","unstructured":"Twining, P., et al.: Some guidance on conducting and reporting qualitative studies. Comput. Educ. 106, A1\u2013A9 (2017)","journal-title":"Comput. Educ."},{"doi-asserted-by":"crossref","unstructured":"Wang, Y., et al.: I regretted the minute I pressed share: a qualitative study of regrets on Facebook. In: 2011 Symposium on Usable Privacy and Security (SOUPS), Pittsburg, PA, USA (2011)","key":"15_CR32","DOI":"10.1145\/2078827.2078841"},{"doi-asserted-by":"crossref","unstructured":"Zurko, M.E., Simon, R.T.: User-centered security. In: 1996 Workshop on New Security Paradigms, NSPW 1996, pp. 27\u201333. ACM (1996)","key":"15_CR33","DOI":"10.1145\/304851.304859"}],"container-title":["Lecture Notes in Computer Science","Computer Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-72817-9_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,11]],"date-time":"2022-08-11T00:19:27Z","timestamp":1660177167000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-72817-9_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,12,22]]},"ISBN":["9783319728162","9783319728179"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-72817-9_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017,12,22]]}}}