{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T17:46:07Z","timestamp":1778175967653,"version":"3.51.4"},"reference-count":23,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2015,10,12]],"date-time":"2015-10-12T00:00:00Z","timestamp":1444608000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,10,12]]},"abstract":"\n Purpose<\/jats:title>\n \u2013 This paper aims to present an approach where assumption personas are used to engage stakeholders in the elicitation and specification of security requirements at a late stage of a system\u2019s design. <\/jats:p>\n <\/jats:sec>\n \n Design\/methodology\/approach<\/jats:title>\n \u2013 The author has devised an approach for developing assumption personas for use in participatory design sessions during the later stages of a system\u2019s design. The author validates this approach using a case study in the e-Science domain. <\/jats:p>\n <\/jats:sec>\n \n Findings<\/jats:title>\n \u2013 Engagement follows by focusing on the indirect, rather than direct, implications of security. More design approaches are needed for treating security at a comparatively late stage. Security design techniques should scale to working with sub-optimal input data. <\/jats:p>\n <\/jats:sec>\n \n Originality\/value<\/jats:title>\n \u2013 This paper contributes an approach where assumption personas engage project team members when eliciting and specifying security requirements at the late stages of a project.<\/jats:p>\n <\/jats:sec>","DOI":"10.1108\/ics-10-2014-0066","type":"journal-article","created":{"date-parts":[[2015,10,12]],"date-time":"2015-10-12T19:42:32Z","timestamp":1444678952000},"page":"435-446","source":"Crossref","is-referenced-by-count":8,"title":["Engaging stakeholders during late stage security design with assumption personas"],"prefix":"10.1108","volume":"23","author":[{"given":"Shamal","family":"Faily","sequence":"first","affiliation":[]}],"member":"140","reference":[{"key":"key2020122021111339800_b1","unstructured":"Cooper, A.R.\n and \n Cronin, D.\n (2007), \n About Face 3: The Essentials of Interaction Design\n , John Wiley \n\t\t\t\t\t&\n\t\t\t\t Sons, Hoboken, NJ."},{"key":"key2020122021111339800_b2","doi-asserted-by":"crossref","unstructured":"Crichton, C.\n , \n Davies, J. Gibbons, J. Harris, S. Tsui, A.\n and \n Brenton, J.\n (2009), \u201cMetadata-driven software for clinical trials\u201d, \n Proceedings of the 2009 ICSE Workshop on Software Engineering in Health Care\n , \n IEEE Computer Society\n , pp. 1-11.","DOI":"10.1109\/SEHC.2009.5069600"},{"key":"key2020122021111339800_b3","doi-asserted-by":"crossref","unstructured":"Dray, S.M.\n (2014), \u201cQuestioning assumptions: UX research that really matters\u201d, \n Interactions\n , Vol. 21 No. 2, pp. 82-85.","DOI":"10.1145\/2568485"},{"key":"key2020122021111339800_b4","unstructured":"Faily, S.\n (2011), \u201cA framework for usable and secure system design\u201d, PhD thesis, University of Oxford."},{"key":"key2020122021111339800_b5","unstructured":"Faily, S.\n (2013), \u201cCAIRIS web site\u201d, available at: http:\/\/github.com\/failys\/CAIRIS (accessed 13 October 2014)."},{"key":"key2020122021111339800_b6","doi-asserted-by":"crossref","unstructured":"Faily, S.\n and \n Fl\u00e9chais, I.\n (2010), \u201cBarry is not the weakest link: eliciting secure system requirements with Personas\u201d, Proceedings of the 24th BCS Interaction Specialist Group Conference, BCS \u201910, \n British Computer Society\n , pp. 124-132.","DOI":"10.14236\/ewic\/HCI2010.17"},{"key":"key2020122021111339800_b7","doi-asserted-by":"crossref","unstructured":"Faily, S.\n and \n Fl\u00e9chais, I.\n (2010a), \u201cA meta-model for usable secure requirements engineering\u201d, \n Proceedings of the 6th International Workshop on Software Engineering for Secure Systems\n , \n IEEE Computer Society\n , pp. 126-135.","DOI":"10.1145\/1809100.1809105"},{"key":"key2020122021111339800_b8","doi-asserted-by":"crossref","unstructured":"Faily, S.\n and \n Fl\u00e9chais, I.\n (2010b), \u201cThe secret lives of assumptions: developing and refining assumption personas for secure system design\u201d, Proceedings of the 3rd Conference on Human-Centered Software Engineering, Springer, pp. 111-118.","DOI":"10.1007\/978-3-642-16488-0_9"},{"key":"key2020122021111339800_b9","doi-asserted-by":"crossref","unstructured":"Faily, S.\n and \n Fl\u00e9chais, I.\n (2011), \u201cUser-centered information security policy development in a post-Stuxnet world\u201d, Proceedings of the 6th International Conference on Availability, Reliability and Security, pp. 716-721.","DOI":"10.1109\/ARES.2011.111"},{"key":"key2020122021111339800_b10","doi-asserted-by":"crossref","unstructured":"Faily, S.\n and \n Lyle, J.\n (2013), \u201cGuidelines for integrating personas into software engineering tools\u201d, Proceedings of the 5th ACM SIGCHI Symposium on Engineering Interactive Computing Systems, EICS \u201913, \n ACM\n , pp. 69-74.","DOI":"10.1145\/2494603.2480318"},{"key":"key2020122021111339800_b11","unstructured":"Fl\u00e9chais, I.\n (2005), \u201cDesigning secure and usable systems\u201d, PhD thesis, University College, London."},{"key":"key2020122021111339800_b12","doi-asserted-by":"crossref","unstructured":"Fl\u00e9chais, I.\n , \n Mascolo, C.\n and \n Sasse, M.A.\n (2007), \u201cIntegrating security and usability into the requirements and design process\u201d, \n International Journal of Electronic Security and Digital Forensics\n , Vol. 1 No. 1, pp. 12-26.","DOI":"10.1504\/IJESDF.2007.013589"},{"key":"key2020122021111339800_b16","doi-asserted-by":"crossref","unstructured":"Martin, A.\n , \n Davies, J.\n and \n Harris, S.\n (2010), \u201cTowards a framework for security in e-Science\u201d, IEEE E-Science 2010 Conference, Oxford University, Oxford.","DOI":"10.1109\/eScience.2010.19"},{"key":"key2020122021111339800_b17","unstructured":"National Center for Biotechnology Information\n . (2014), \u201cPubMed.gov\u201d, available at: www.ncbi.nlm.nih.gov\/pubmed (accessed 13 October 2014)."},{"key":"key2020122021111339800_b18","doi-asserted-by":"crossref","unstructured":"Parkin, S.\n , \n van Moorsel, A. \n , \n Inglesant, P.\n and \n Angela, S.M.\n (2010), \u201cA stealth approach to usable security: helping IT security managers to identify workable security solutions\u201d, Proceedings of the 2010 Workshop on New Security Paradigms, NSPW \u201910, ACM, pp. 33-50.","DOI":"10.1145\/1900546.1900553"},{"key":"key2020122021111339800_b19","unstructured":"Pruitt, J.\n and \n Adlin, T.\n (2006), \n The Persona Lifecycle: Keeping People in Mind Throughout Product Design\n , Elsevier, New York, NY."},{"key":"key2020122021111339800_b20","unstructured":"Rosson, M.B.\n and \n Carroll, J.M.\n (2002), \n Usability Engineering: Scenario-Based Development of Human-Computer Interaction\n , Academic Press, Salt Lake City UT."},{"key":"key2020122021111339800_b21","unstructured":"Schneier, B.\n (2012), \n Liars & Outliers: Enabling the Trust That Society Needs to Thrive\n , John Wiley \n\t\t\t\t\t&\n\t\t\t\t Sons, Hoboken, NJ."},{"key":"key2020122021111339800_b22","unstructured":"Taylor, J.\n (2001), \u201cPresentation at e-science meeting by the director of the research councils, office of science and technology, UK\u201d, available at: www.nesc.ac.uk\/nesc\/define.html (accessed 13 October 2014)."},{"key":"key2020122021111339800_b23","doi-asserted-by":"crossref","unstructured":"Toulmin, S.\n (2003), \n The Uses of Argument\n , Cambridge University Press, Cambridge.","DOI":"10.1017\/CBO9780511840005"},{"key":"key2020122021111339800_b13","doi-asserted-by":"crossref","unstructured":"van Lamsweerde, A.\n (2004), \u201cElaborating security requirements by construction of intentional anti-models\u201d, Proceedings of the 26th International Conference on Software Engineering, IEEE Computer Society, pp. 148-157.","DOI":"10.1109\/ICSE.2004.1317437"},{"key":"key2020122021111339800_b14","unstructured":"van Lamsweerde, A.\n (2009), \n Requirements Engineering: From System Goals to UML Models to Software Specifications\n , John Wiley \n\t\t\t\t\t&\n\t\t\t\t Sons, Hoboken, NJ."},{"key":"key2020122021111339800_b15","doi-asserted-by":"crossref","unstructured":"van Lamsweerde, A.\n and \n Letier, E.\n (2000), \u201cHandling obstacles in goal-oriented requirements engineering\u201d, \n IEEE Transactions on Software Engineering\n , Vol. 26 No. 10, pp. 978-1005.","DOI":"10.1109\/32.879820"}],"container-title":["Information & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-10-2014-0066","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-10-2014-0066\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-10-2014-0066\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:13Z","timestamp":1753406593000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/23\/4\/435-446\/113598"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,10,12]]},"references-count":23,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2015,10,12]]}},"alternative-id":["10.1108\/ICS-10-2014-0066"],"URL":"https:\/\/doi.org\/10.1108\/ics-10-2014-0066","relation":{},"ISSN":["2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2015,10,12]]}}}