Duncan Ki-Aries scite author profile

Available online A B S T R A C TMaintaining Information Security and protecting data assets remains a principal concern for businesses. Many data breaches continue to result from accidental, intentional or malicious human factors, leading to financial or reputational loss. One approach towards improving behaviours and culture is with the application of on-going awareness activities. This paper presents an approach for identifying security related human factors by incorporating personas into information security awareness design and implementation. The personas, which are grounded in empirical data, offer a useful method for identifying audience needs and security risks, enabling a tailored approach to business-specific awareness activities. As a means for integrating personas, we present six on-going steps that can be embedded into business-as-usual activities with 90-day cycles of awareness themes, and evaluate our approach with a case study business. Our findings suggest a persona-centred information security awareness approach has the capacity to adapt to the time and resource required for its implementation within the business, and offer a positive contribution towards reducing or mitigating Information Security risks through security awareness.

show abstract

System of Systems Characterisation assisting Security Risk Assessment

Ki-Aries

Faily

Doğan

et al. 2018

View full text Add to dashboard Cite

System of Systems (SoS) is a term often used to describe the coming together of independent systems, collaborating to achieve a new or higher purpose. However, clarity is needed when using this term given that operational areas may be unfamiliar with the terminology. In this paper, we present an approach for refining System and SoS descriptions to aid multistakeholder communication and understanding; building on previous work, we illustrate an example of characterising a likely SoS. By identifying key stakeholders, systems, management and control, this approach supports the initial steps of a SoS security risk assessment approach using a tool-supported framework that supports operational needs towards requirements engineering.

show abstract

Re-framing “the AMN”: A case study eliciting and modelling a System of Systems using the Afghan Mission Network

Ki-Aries

Faily

Doğan

et al. 2017

View full text Add to dashboard Cite

Abstract-The term System of Systems (SoS) is often used to classify an arrangement of independent and interdependent systems delivering unique capabilities. There appear to be many examples of SoSs, but the term has become a source of confusion. While many approaches have been proposed for engineering SoSs, there are few illustrative examples demonstrating their initial classification and resulting SoS structure. This paper presents an approach for framing a candidate SoS using the Afghan Mission Network defined as an Acknowledged SoS, and presents issues associated with SoSs stakeholders, human factors and interoperability considerations resulting from such an approach.

show abstract

Tool-Supporting Data Protection Impact Assessments with CAIRIS

Coles

Faily

Ki-Aries

2018

View full text Add to dashboard Cite

The General Data Protection Regulation (GDPR) encourages the use of Data Protection Impact Assessments (DPIAs) to integrate privacy into organisations' activities and practices from early design onwards. To date, however, there has been little prescription about how Security & Privacy Requirements Engineering processes map to the necessary activities of a DPIA, and how these activities can be tool-supported. To address this problem, we present a tool-supported process for undertaking DPIAs using existing Requirements Engineering approaches and the CAIRIS platform. We illustrate this process using a real-world case study example where it was used to elicit privacy risks for a prototype medical application to support chemotherapy treatment.

show abstract

From Requirements to Operation: Components for Risk Assessment in a Pervasive System of Systems

Ki-Aries

Doğan

Faily

et al. 2017

View full text Add to dashboard Cite

Abstract-Framing Internet of Things (IoT) applications as a System of Systems (SoS) can help us make sense of complexity associated with interoperability and emergence. However, assessing the risk of SoSs is a challenge due to the independence of component systems, and their differing degrees of control and emergence. This paper presents three components for SoS risk assessment that integrate with existing risk assessment approaches: Human System Integration (HSI), Interoperability identification and analysis, and Emergent behaviour evaluation and control measures. We demonstrate the application of these components by assessing a pervasive SoS: a SmartPowerchair.

show abstract

Contextualisation of Data Flow Diagrams for Security Analysis

Faily

Scandariato

Shostack

et al. 2020

View full text Add to dashboard Cite

Data flow diagrams (DFDs) are popular for sketching systems for subsequent threat modelling. Their limited semantics make reasoning about them difficult, but enriching them endangers their simplicity and subsequent ease of take up. We present an approach for reasoning about tainted data flows in design-level DFDs by putting them in context with other complementary usability and requirements models. We illustrate our approach using a pilot study, where tainted data flows were identified without any augmentations to either the DFD or its complementary models.

show abstract

Assessing System of Systems Security Risk and Requirements with OASoSIS

Ki-Aries

Faily

Doğan

et al. 2018

View full text Add to dashboard Cite

When independent systems come together as a System of Systems (SoS) to achieve a new purpose, dealing with requirements conflicts across systems becomes a challenge. Moreover, assessing and modelling security risk for independent systems and the SoS as a whole is challenged by a gap in related research and approaches within the SoSs domain. In this paper, we present an approach for bridging SoS and Requirements Engineering by identifying aligning SoSs concepts to assess and model security risk and requirements. We introduce our OASo-SIS approach modifying OCTAVE Allegro for SoSs using CAIRIS (Computer Aided Integration of Requirements and Information Security) with a medical evacuation (MEDEVAC) SoS exemplar for Security Requirements Engineering tool-support.

show abstract

Assessing system of systems information security risk with OASoSIS

Ki-Aries

Faily

Doğan

et al. 2022

Computers & Security

View full text Add to dashboard Cite

12 3

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Duncan Ki-Aries

Persona-centred information security awareness

System of Systems Characterisation assisting Security Risk Assessment

Re-framing “the AMN”: A case study eliciting and modelling a System of Systems using the Afghan Mission Network

Tool-Supporting Data Protection Impact Assessments with CAIRIS

From Requirements to Operation: Components for Risk Assessment in a Pervasive System of Systems

Contextualisation of Data Flow Diagrams for Security Analysis

Assessing System of Systems Security Risk and Requirements with OASoSIS

Assessing system of systems information security risk with OASoSIS

Contact Info

Product

Resources

About