{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T12:09:23Z","timestamp":1766491763035,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":43,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,6,17]]},"DOI":"10.1145\/3727967.3756849","type":"proceedings-article","created":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T11:53:17Z","timestamp":1766490797000},"page":"49-55","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Persona-driven approach to enhance security requirement elicitation"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9043-3568","authenticated-orcid":false,"given":"Daria","family":"Levaniuk","sequence":"first","affiliation":[{"name":"Software Engineering Department, LUT University, Lappeenranta, Finland"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5271-5604","authenticated-orcid":false,"given":"Bilal","family":"Naqvi","sequence":"additional","affiliation":[{"name":"Software Engineering Department, LUT University, Lappeenranta, Finland"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4906-6495","authenticated-orcid":false,"given":"Muhammad Azeem","family":"Akbar","sequence":"additional","affiliation":[{"name":"Software Engineering Department, LUT University, Lappeenranta, Finland"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6953-0021","authenticated-orcid":false,"given":"Antti","family":"Knutas","sequence":"additional","affiliation":[{"name":"Software Engineering Department, LUT University, Lappeenranta, Finland"}]}],"member":"320","published-online":{"date-parts":[[2025,12,23]]},"reference":[{"doi-asserted-by":"crossref","unstructured":"Yasemin Acar Sascha Fahl and Michelle\u00a0L Mazurek. 2016. You are not your developer either: A research agenda for usable security and privacy research beyond end users. 2016 IEEE Cybersecurity Development (SecDev) (2016) 3\u20138.","key":"e_1_3_3_1_2_2","DOI":"10.1109\/SecDev.2016.013"},{"doi-asserted-by":"crossref","unstructured":"Alka Agrawal Mamdouh Alenezi Suhel\u00a0Ahmad Khan Rajeev Kumar and Raees\u00a0Ahmad Khan. 2022. Multi-level fuzzy system for usable-security assessment. Journal of King Saud University-Computer and Information Sciences 34 3 (2022) 657\u2013665.","key":"e_1_3_3_1_3_2","DOI":"10.1016\/j.jksuci.2019.04.007"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_4_2","DOI":"10.1007\/978-3-031-29786-1_5"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_5_2","DOI":"10.1109\/ICWR.2016.7498465"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_6_2","DOI":"10.1109\/ARES.2011.115"},{"doi-asserted-by":"crossref","unstructured":"Laura Bitomsky Olga B\u00fcrger Bj\u00f6rn H\u00e4ckel and Jannick T\u00f6ppel. 2020. Value of data meets IT security\u2013assessing IT security risks in data-driven value chains. Electronic Markets 30 3 (2020) 589\u2013605.","key":"e_1_3_3_1_7_2","DOI":"10.1007\/s12525-019-00383-6"},{"doi-asserted-by":"crossref","unstructured":"Edna\u00a0Dias Canedo Ian\u00a0Nery Bandeira Angelica Toffano\u00a0Seidel Calazans Pedro Henrique\u00a0Teixeira Costa Emille Catarine\u00a0Rodrigues Can\u00e7ado and Rodrigo Bonif\u00e1cio. 2023. Privacy requirements elicitation: a systematic literature review and perception analysis of IT practitioners. Requirements Engineering 28 2 (2023) 177\u2013194.","key":"e_1_3_3_1_8_2","DOI":"10.1007\/s00766-022-00382-8"},{"key":"e_1_3_3_1_9_2","volume-title":"Proceedings of the First Workshop on the Interplay between Usability Evaluation and Software Development (I-USED 2008)","author":"Castro John\u00a0W.","year":"2008","unstructured":"John\u00a0W. Castro, Silvia\u00a0Teresita Acu\u00f1a, and Natalia\u00a0Juristo Juzgado. 2008. Enriching Requirements Analysis with the Personas Technique. In Proceedings of the First Workshop on the Interplay between Usability Evaluation and Software Development (I-USED 2008). CEUR-WS.org, Pisa, Italy. https:\/\/oa.upm.es\/3508\/"},{"doi-asserted-by":"crossref","unstructured":"Jane Cleland-Huang. 2013. Meet Elaine: a persona-driven approach to exploring architecturally significant requirements. IEEE Software 30 4 (2013) 18\u201321.","key":"e_1_3_3_1_10_2","DOI":"10.1109\/MS.2013.80"},{"doi-asserted-by":"crossref","unstructured":"Daniela Damian. 2007. Stakeholders in global requirements engineering: Lessons learned from practice. IEEE software 24 2 (2007) 21\u201327.","key":"e_1_3_3_1_11_2","DOI":"10.1109\/MS.2007.55"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_12_2","DOI":"10.1109\/IntelCIS.2015.7397285"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_13_2","DOI":"10.14236\/ewic\/HCI2010.17"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_14_2","DOI":"10.1007\/978-3-031-17728-6_1"},{"doi-asserted-by":"crossref","unstructured":"John\u00a0C Grundy. 2021. Impact of End User Human Aspects on Software Engineering. ENASE 2021 (2021) 9\u201320.","key":"e_1_3_3_1_15_2","DOI":"10.5220\/0010531800090020"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_16_2","DOI":"10.1109\/SP46214.2022.9833756"},{"doi-asserted-by":"crossref","unstructured":"Dulaji Hidellaarachchi John Grundy Rashina Hoda and Kashumi Madampe. 2021. The effects of human aspects on the requirements engineering process: A systematic literature review. IEEE Transactions on Software Engineering 48 6 (2021) 2105\u20132127.","key":"e_1_3_3_1_17_2","DOI":"10.1109\/TSE.2021.3051898"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_18_2","DOI":"10.1145\/3641822.3641874"},{"key":"e_1_3_3_1_19_2","first-page":"541","volume-title":"Proceedings of the 19th CIRP Design Conference \u2013 Competitive Design","author":"Hosono S.","year":"2009","unstructured":"S. Hosono, M. Hasegawa, T. Hara, Y. Shimomura, and T. Arai. 2009. A Methodology of Persona-centric Service Design. In Proceedings of the 19th CIRP Design Conference \u2013 Competitive Design. Cranfield University Press, Cranfield, UK, 541. https:\/\/dspace.lib.cranfield.ac.uk\/items\/d4fe34f6-20d6-43d0-8b1e-ff979d049117"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_20_2","DOI":"10.1145\/3641822.3641879"},{"key":"e_1_3_3_1_21_2","first-page":"24","volume-title":"International Conference on Evaluation of Novel Approaches to Software Engineering","author":"Karolita Devi","year":"2023","unstructured":"Devi Karolita, John Grundy, Tanjila Kanij, Humphrey Obie, and Jennifer McIntosh. 2023. What should be in a persona for use in requirements engineering. In International Conference on Evaluation of Novel Approaches to Software Engineering. Springer, 24\u201346."},{"doi-asserted-by":"crossref","unstructured":"Devi Karolita Jennifer McIntosh Tanjila Kanij John Grundy and Humphrey\u00a0O Obie. 2023. Use of personas in requirements engineering: A systematic mapping study. Information and Software Technology 162 (2023) 107264.","key":"e_1_3_3_1_22_2","DOI":"10.1016\/j.infsof.2023.107264"},{"unstructured":"Rafiq\u00a0Ahmad Khan Siffat\u00a0Ullah Khan Muhammad\u00a0Azeem Akbar and Musaad Alzahrani. 2024. Security risks of global software development life cycle: Industry practitioner\u2019s perspective. Journal of Software: Evolution and Process 36 3 (2024) e2521.","key":"e_1_3_3_1_23_2"},{"doi-asserted-by":"crossref","unstructured":"Duncan Ki-Aries and Shamal Faily. 2017. Persona-centred information security awareness. Computers & security 70 (2017) 663\u2013674.","key":"e_1_3_3_1_24_2","DOI":"10.1016\/j.cose.2017.08.001"},{"doi-asserted-by":"crossref","unstructured":"Markus Lennartsson Joakim K\u00e4vrestad and Marcus Nohlberg. 2021. Exploring the meaning of usable security\u2013a literature review. Information & Computer Security 29 4 (2021) 647\u2013663.","key":"e_1_3_3_1_25_2","DOI":"10.1108\/ICS-10-2020-0167"},{"doi-asserted-by":"crossref","unstructured":"Tong Li Xiaowei Wang and Yeming Ni. 2022. Aligning social concerns with information system security: A fundamental ontology for social engineering. Information Systems 104 (2022) 101699.","key":"e_1_3_3_1_26_2","DOI":"10.1016\/j.is.2020.101699"},{"doi-asserted-by":"crossref","unstructured":"Pedro\u00a0A Lohmann Carlos Albuquerque and Raphael Machado. 2023. Systematic Literature Review of Threat Modeling Concepts. ICISSP 1 (2023) 163\u2013173.","key":"e_1_3_3_1_27_2","DOI":"10.5220\/0011783000003405"},{"key":"e_1_3_3_1_28_2","volume-title":"Proceedings of the 32nd International BCS Human Computer Interaction Conference","author":"Moeckel Caroline","year":"2018","unstructured":"Caroline Moeckel. 2018. Building Attacker Personas in Practice\u2014a Digital Banking Example. In Proceedings of the 32nd International BCS Human Computer Interaction Conference. BCS Learning & Development."},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_29_2","DOI":"10.1145\/3240167.3240241"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_30_2","DOI":"10.1109\/RE.2016.68"},{"doi-asserted-by":"crossref","unstructured":"Bilal Naqvi Nathan Clarke and Jari Porras. 2021. Incorporating the human facet of security in developing systems and services. Information & Computer Security 29 1 (2021) 49\u201372.","key":"e_1_3_3_1_31_2","DOI":"10.1108\/ICS-11-2019-0130"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_32_2","DOI":"10.1109\/ICISE.2018.00019"},{"doi-asserted-by":"crossref","unstructured":"Miguel\u00a0Angel Olivero Antonia Bertolino Francisco\u00a0Jos\u00e9 Dom\u00ednguez-Mayo Mar\u00eda\u00a0Jos\u00e9 Escalona and Ilaria Matteucci. 2020. Digital persona portrayal: Identifying pluridentity vulnerabilities in digital life. Journal of Information Security and Applications 52 (2020) 102492.","key":"e_1_3_3_1_33_2","DOI":"10.1016\/j.jisa.2020.102492"},{"unstructured":"Sandeep Pochu and Srikanth\u00a0Reddy Kathram. 2024. Integrating Security Requirements into Software Development: A Comprehensive Approach to Secure Software Design. Online; PDF. https:\/\/www.researchgate.net\/publication\/388497235_Integrating_Security_Requirements_into_Software_Development_A_Comprehensive_Approach_to_Secure_Software_Design Accessed: Feb. 24 2025.","key":"e_1_3_3_1_34_2"},{"doi-asserted-by":"crossref","unstructured":"Karolina R\u0105czkowska-Gzowska and Anita Walkowiak-Gall. 2023. What should a good software requirements specification include? Results of a survey. Foundations of Computing and Decision Sciences 48 1 (2023) 57\u201381.","key":"e_1_3_3_1_35_2","DOI":"10.2478\/fcds-2023-0004"},{"doi-asserted-by":"crossref","unstructured":"Syed\u00a0Danish Rizvi Ali Ahsan and Waqas Mahmood. 2022. Role of human aspects on the process of software requirement elicitation. International Journal of Education and Management Engineering 12 4 (2022) 12.","key":"e_1_3_3_1_36_2","DOI":"10.5815\/ijeme.2022.04.02"},{"key":"e_1_3_3_1_37_2","first-page":"603","volume-title":"Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE","author":"Santos Marco","year":"2014","unstructured":"Marco Santos, Jacilane Rabelo, Raimundo Barreto, and Tayana Conte. 2014. Persona security: A technique for supporting the elicitation of security requirements. In Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE. 603\u2013608."},{"doi-asserted-by":"crossref","unstructured":"Md Shamsujjoha John Grundy Hourieh Khalajzadeh Qinghua Lu and Li Li. 2024. Developer and end-user perspectives on addressing human aspects in mobile eHealth apps. Information and Software Technology 166 (2024) 107353.","key":"e_1_3_3_1_38_2","DOI":"10.1016\/j.infsof.2023.107353"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_39_2","DOI":"10.1109\/ICOASE51841.2020.9436595"},{"doi-asserted-by":"crossref","unstructured":"Wee\u00a0Wee Sim and Peggy\u00a0S Brouse. 2014. Empowering requirements engineering activities with personas. Procedia Computer Science 28 (2014) 237\u2013246.","key":"e_1_3_3_1_40_2","DOI":"10.1016\/j.procs.2014.03.030"},{"volume-title":"2024 Data Breach Investigations Report","year":"2024","unstructured":"Verizon. 2024. 2024 Data Breach Investigations Report. Technical Report. Verizon. https:\/\/www.verizon.com\/business\/resources\/Tf25\/reports\/2024-dbir-data-breach-investigations-report.pdf Accessed: Feb. 20, 2025.","key":"e_1_3_3_1_41_2"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_42_2","DOI":"10.1145\/3701625.3701677"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_43_2","DOI":"10.1109\/ASEW52652.2021.00041"},{"doi-asserted-by":"publisher","key":"e_1_3_3_1_44_2","DOI":"10.1109\/ISMAR-Adjunct57072.2022.00168"}],"event":{"acronym":"EASE Companion '25","name":"EASE Companion '25: Evaluation and Assessment in Software Engineering","location":"Istanbul Turkiye"},"container-title":["Proceedings of the 2025 29th International Conference on Evaluation and Assessment in Software Engineering Companion"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3727967.3756849","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T12:07:59Z","timestamp":1766491679000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3727967.3756849"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,17]]},"references-count":43,"alternative-id":["10.1145\/3727967.3756849","10.1145\/3727967"],"URL":"https:\/\/doi.org\/10.1145\/3727967.3756849","relation":{},"subject":[],"published":{"date-parts":[[2025,6,17]]},"assertion":[{"value":"2025-12-23","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}