Recent high-profile cyber-attacks affecting the National Health Service (NHS) in the UK have brought into focus the fact that data, devices, and people are so intermingled that we now need a new way of approaching everyday security that provides an account of place. The assumption until now has been that the security of the individual will follow from technical security and that designing for security requires purely technological solutions. Our creative engagement method puts the human security of actors in the foreground, ensuring that actors who may ordinarily be marginalized may have their perspectives taken into account. The creative methods used include participatory physical modelling to co-design representations of what constitutes ontological security in the everyday for communities. LEGO and other materials allow participants to physically model matters of concern as tangible scenarios, using colored bricks to encode actors, infrastructure, and the movement of data. In this paper, a single LEGO model, depicting an internet-protocol home-banking service, is described in detail. A number of playful and agonistic interactions between our participants are examined through a place-based lens, using descriptive concepts from ontological and autonomous design, an approach designed to tease apart different aspects of our results. This reveals how a community constructs place, the perspectives and horizons of actors, and networks of resilience. We find that participants achieve positive insight into these scenarios by testing out the ways in which they can be broken down by antagonists and adversaries. Participants sustain a space of contestation in which dissensus is established and anticipation of breakdown can be played with.
This paper examines the use of visualisations in the field of information security and in particular focuses on the practice of information security risk assessment. We examine the current roles of information security visualisations and place these roles in the wider information visualisation discourse. We present an analytic lens which divides visualisations into three categories: journalistic, scientific and critical visualisations. We then present a case study that uses these three categories of visualisations to further support information security practice.Two significant results emerge from this case study: (1) visualisations that promote critical thinking and reflection (a form of critical visualisation) support the multi-stakeholder nature of risk assessment and (2) a preparatory stage in risk assessment is sometimes needed by service designers in order to establish the service design before conducting a formal risk assessment.The reader is invited to explore the images in the digital version of this paper where they can zoom in to particular aspects of the images and view the images in colour. CCS Concepts•Human-centered computing → Visualization theory, concepts and paradigms; Participatory design; Computer supported cooperative work; Graphical user interfaces; •Security and privacy → Social aspects of security and privacy;
Security models and security economics have been separate developments for a long time. Models represent the organisation under scrutiny with possible attack paths, and security economics covers the effect and cost of attacks and counter-measures. This inhibits progress in decision support for security investment. The navigation metaphor merges these two concepts: navigation on security models can identify optimal attacker and defender decisions for multistep attacks, based on "maps" of the system being studied. Routes on the map represent attacks on the system. Economic optimisation analyses can identify the most efficient routes for gaining access to certain targets from the point of view of an attacker; this insight is used to optimise the defences on these routes from the point of view of the defender. In this article, we discuss the achievements and the challenges of the navigation metaphor in cyber security.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.