{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T18:18:52Z","timestamp":1754158732293,"version":"3.41.2"},"reference-count":41,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2018,10,8]],"date-time":"2018-10-08T00:00:00Z","timestamp":1538956800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2018,10,8]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>The purpose of this study is the analysis of a security and privacy requirements engineering methodology. Such methodologies are considered an important part of systems\u2019 development process when they contain and process a large amount of critical information, and thus need to remain secure and ensure privacy.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>These methodologies provide techniques, methods and norms for tackling security and privacy issues in information systems. In this process, the utilisation of effective, clear and understandable modelling languages with sufficient notation is of utmost importance, as the produced models are used not only among IT experts or among security specialists but also for communication among various stakeholders, in business environments or among novices in an academic environment.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>The qualitative analysis revealed a partial satisfaction of these principles.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>This paper evaluates the effectiveness of a security and privacy requirements engineering methodology, namely, Secure Tropos, on the nine principles of the theory of notation.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-12-2017-0087","type":"journal-article","created":{"date-parts":[[2018,9,18]],"date-time":"2018-09-18T19:06:18Z","timestamp":1537297578000},"page":"382-400","source":"Crossref","is-referenced-by-count":4,"title":["Applying the physics of notation to the evaluation of a security and privacy requirements engineering methodology"],"prefix":"10.1108","volume":"26","author":[{"given":"Vasiliki","family":"Diamantopoulou","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haralambos","family":"Mouratidis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"volume-title":"Notes on the Synthesis of Form","year":"1964","key":"key2022100508502870400_ref001"},{"volume-title":"Information Systems Development: Methodologies, Techniques and Tools","year":"2003","key":"key2022100508502870400_ref002"},{"issue":"8","key":"key2022100508502870400_ref003","doi-asserted-by":"crossref","first-page":"645","DOI":"10.1111\/j.1467-9280.2006.01759.x","article-title":"Humans prefer curved visual objects","volume":"17","year":"2006","journal-title":"Psychological Science"},{"volume-title":"Semiology of Graphics: diagrams, Networks, Maps","year":"1983","key":"key2022100508502870400_ref004"},{"key":"key2022100508502870400_ref005","unstructured":"Blackwell, A. and Green, T. (2009), \u201cCognitive dimensions of notations resource site\u201d, available at: www.cl.cam.ac.uk\/afb21\/CognitiveDimensions"},{"year":"2003","key":"key2022100508502870400_ref006","article-title":"Universal principles of design: a cross-disciplinary reference"},{"key":"key2022100508502870400_ref007","first-page":"115","article-title":"Visual notation design 2.0: towards user comprehensible requirements engineering notations","volume-title":"Requirements Engineering Conference (RE), 2013 21st IEEE International","year":"2013"},{"volume-title":"Structured Analysis and System Specification","year":"1979","key":"key2022100508502870400_ref008"},{"article-title":"Evaluation of a security and privacy requirements methodology using the physics of notation","volume-title":"Computer Security","year":"2017","key":"key2022100508502870400_ref009"},{"issue":"2","key":"key2022100508502870400_ref010","doi-asserted-by":"crossref","first-page":"119","DOI":"10.1016\/j.aei.2006.11.004","article-title":"Toward a formal research framework for ontological analyses","volume":"21","year":"2007","journal-title":"Advanced Engineering Informatics"},{"issue":"4","key":"key2022100508502870400_ref011","doi-asserted-by":"crossref","first-page":"439","DOI":"10.1080\/00221300009598596","article-title":"Pictures, words, and sounds: from which format are we best able to reason?","volume":"127","year":"2000","journal-title":"The Journal of General Psychology"},{"year":"1994","key":"key2022100508502870400_ref012","article-title":"Object-oriented analysis and design with applications"},{"key":"key2022100508502870400_ref013","first-page":"443","article-title":"Cognitive dimensions of notations","volume-title":"People and Computers V","year":"1989"},{"issue":"2","key":"key2022100508502870400_ref014","doi-asserted-by":"crossref","first-page":"131","DOI":"10.1006\/jvlc.1996.0009","article-title":"Usability analysis of visual programming environments: a? cognitive dimensions? framework","volume":"7","year":"1996","journal-title":"Journal of Visual Languages and Computing"},{"issue":"4","key":"key2022100508502870400_ref015","doi-asserted-by":"crossref","first-page":"317","DOI":"10.1006\/jvlc.1999.0130","article-title":"Effective diagrammatic communication: Syntactic, semantic and pragmatic issues","volume":"10","year":"1999","journal-title":"Journal of Visual Languages and Computing"},{"issue":"5","key":"key2022100508502870400_ref016","doi-asserted-by":"crossref","first-page":"514","DOI":"10.1145\/42411.42414","article-title":"On visual formalisms","volume":"31","year":"1988","journal-title":"Communications of the Acm"},{"issue":"10","key":"key2022100508502870400_ref017","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1109\/MC.2004.172","article-title":"Meaningful modeling: what\u2019s the semantics of \u2018semantics\u2019?","volume":"37","year":"2004","journal-title":"Computer"},{"issue":"1","key":"key2022100508502870400_ref018","first-page":"10","article-title":"The details of conceptual modelling notations are important-a comparison of relationship normative language","volume":"9","year":"2002","journal-title":"Communications of the Association for Information Systems"},{"issue":"1","key":"key2022100508502870400_ref019","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1145\/1039539.1039541","article-title":"Usability engineering methods for software developers","volume":"48","year":"2005","journal-title":"Communications of the Acm"},{"issue":"1","key":"key2022100508502870400_ref020","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/606658.606659","article-title":"Diagramming information structures using 3d perceptual primitives","volume":"10","year":"2003","journal-title":"ACM Transactions on Computer-Human Interaction (Interaction)"},{"volume-title":"Software Evaluation: Criteria-Based Assessment","year":"2011","key":"key2022100508502870400_ref021"},{"issue":"1","key":"key2022100508502870400_ref022","doi-asserted-by":"crossref","first-page":"23","DOI":"10.1207\/S15326985EP3801_4","article-title":"The expertise reversal effect","volume":"38","year":"2003","journal-title":"Educational Psychologist"},{"issue":"7","key":"key2022100508502870400_ref023","doi-asserted-by":"crossref","first-page":"926","DOI":"10.1016\/j.jss.2005.06.046","article-title":"Goal and scenario based domain requirements analysis environment","volume":"79","year":"2006","journal-title":"Journal of Systems and Software"},{"volume-title":"Enterprise Architecture at Work: Modelling, Communication and Analysis (the Enterprise Engineering Series)","year":"2009","key":"key2022100508502870400_ref024"},{"issue":"1","key":"key2022100508502870400_ref025","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1111\/j.1551-6708.1987.tb00863.x","article-title":"Why a diagram is (sometimes) worth ten thousand words","volume":"11","year":"1987","journal-title":"Cognitive Science"},{"issue":"4","key":"key2022100508502870400_ref026","doi-asserted-by":"crossref","first-page":"153","DOI":"10.1016\/j.csi.2010.01.006","article-title":"A systematic review of security requirements engineering","volume":"32","year":"2010","journal-title":"Computer Standards and Interfaces"},{"issue":"6","key":"key2022100508502870400_ref027","doi-asserted-by":"crossref","first-page":"756","DOI":"10.1109\/TSE.2009.67","article-title":"The \u2018physics\u2019 of notations: toward a scientific basis for constructing visual notations in software engineering","volume":"35","year":"2009","journal-title":"IEEE Transactions on Software Engineering"},{"first-page":"10","article-title":"Complexity effects on end user understanding of data models: An experimental comparison of large data model representation methods","year":"2002","key":"key2022100508502870400_ref028"},{"year":"2002","key":"key2022100508502870400_ref029","article-title":"A natural extension of tropos methodology for modelling security"},{"key":"key2022100508502870400_ref030","doi-asserted-by":"crossref","first-page":"357","DOI":"10.1007\/978-3-319-39417-6_16","article-title":"Security requirements engineering for cloud computing: the secure tropos approach","volume-title":"Domain-Specific Conceptual Modeling","year":"2016"},{"issue":"2","key":"key2022100508502870400_ref031","doi-asserted-by":"crossref","first-page":"139","DOI":"10.1046\/j.1365-2575.1999.00052.x","article-title":"The effect of graphic style on data model interpretation","volume":"9","year":"1999","journal-title":"Information Systems Journal"},{"issue":"1","key":"key2022100508502870400_ref032","first-page":"43","article-title":"Ontological evaluation of the uml using the bunge\u2013wand\u2013weber model","volume":"1","year":"2002","journal-title":"Software and Systems Modeling"},{"key":"key2022100508502870400_ref033","first-page":"89","article-title":"Sectro: a case tool for modelling security in requirements engineering using secure tropos","volume-title":"CAiSE Forum","year":"2011"},{"issue":"3","key":"key2022100508502870400_ref034","doi-asserted-by":"crossref","first-page":"233","DOI":"10.1023\/A:1016344215610","article-title":"Empirical evaluation of aesthetics-based graph layout","volume":"7","year":"2002","journal-title":"Empirical Software Engineering"},{"issue":"1","key":"key2022100508502870400_ref035","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1016\/S0378-7206(98)00078-0","article-title":"Understanding corporate data models","volume":"35","year":"1999","journal-title":"Information and Management"},{"issue":"10","key":"key2022100508502870400_ref036","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1145\/944217.944244","article-title":"Using ontology to validate conceptual models","volume":"46","year":"2003","journal-title":"Communications of the Acm"},{"issue":"1","key":"key2022100508502870400_ref037","first-page":"26","article-title":"Unified modeling language: a complexity analysis","volume":"12","year":"2001","journal-title":"Journal of Database Management (Management)"},{"key":"key2022100508502870400_ref038","first-page":"589","article-title":"Constraint matching for diagram design: Qualitative visual languages","volume-title":"Theory and Application of Diagrams","year":"2000"},{"issue":"2","key":"key2022100508502870400_ref039","doi-asserted-by":"crossref","first-page":"136","DOI":"10.1016\/0361-476X(92)90055-4","article-title":"Effects of knowledge map characteristics on information processing","volume":"17","year":"1992","journal-title":"Contemporary Educational Psychology"},{"issue":"3","key":"key2022100508502870400_ref040","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1109\/47.59083","article-title":"Encoding and retrieval of information in maps and diagrams","volume":"33","year":"1990","journal-title":"IEEE Transactions on Professional Communication"},{"key":"key2022100508502870400_ref041","first-page":"70","article-title":"A social ontology for integrating security and software engineering","volume-title":"Integrating Security and Software Engineering: Advances and Future Actions","year":"2006"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-12-2017-0087\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-12-2017-0087\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:25Z","timestamp":1753406605000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/26\/4\/382-400\/107954"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,10,8]]},"references-count":41,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2018,10,8]]}},"alternative-id":["10.1108\/ICS-12-2017-0087"],"URL":"https:\/\/doi.org\/10.1108\/ics-12-2017-0087","relation":{},"ISSN":["2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2018,10,8]]}}}