Holding on to dissensus: Participatory interactions in security design

Heath, Claude P. R.; Hall, Peter A.; Coles-Kemp, Lizzie

doi:10.4013/sdrj.2018.112.03

Cited by 13 publications

(9 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Participatory Action Research: Engaging methods such as action research and participatory action research (PAR) were first introduced to the field of information systems in the 90's [3]. Since then, such creative engagement methods have been applied to security studies [1], [12]. The purpose of these methods is to be playful, participative, open-ended, and democratic [12].…”

Section: B Methodologymentioning

confidence: 99%

See 1 more Smart Citation

2 Fast 2 Secure: A Case Study of Post-Breach Security Changes

Demjaha

Caulfield

Sasse

et al. 2019

2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

View full text Add to dashboard Cite

A security breach often makes companies react by changing their attitude and approach to security within the organization. This paper presents an in-depth case study of post-breach security changes made by a company and the consequences of those changes. We employ the principles of participatory action research and humble inquiry to conduct a long-term study with employee interviews while embedded in the organization's security division. Despite an extremely high level of financial investment in security, and consistent attention and involvement from the board, the interviews indicate a significant level of friction between employees and security. In the main themes that emerged from our data analysis, a number of factors shed light on the friction: fear of another breach leading to zero risk appetite, impossible security controls making non-compliance a norm, security theatre underminining the purpose of security policies, employees often trading-off security with productivity, and as such being treated as children in detention rather than employees trying to finish their paid jobs. This paper shows that post-breach security changes can be complex and sometimes risky due to emotions often being involved. Without an approach considerate of how humans and security interact, even with high financial investment, attempts to change an organization's security behaviour may be ineffective.

show abstract

Section: B Methodologymentioning

confidence: 99%

“…Since then, such creative engagement methods have been applied to security studies [1], [12]. The purpose of these methods is to be playful, participative, open-ended, and democratic [12].…”

Section: B Methodologymentioning

confidence: 99%

2 Fast 2 Secure: A Case Study of Post-Breach Security Changes

Demjaha

Caulfield

Sasse

et al. 2019

2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

View full text Add to dashboard Cite

show abstract

“…To achieve this, they propose a methodology consisting of passive and active data collection cycles -meant to collect accurate data about security behaviours and attitudes in organizations [3]. Heath, Hall, and Coles-Kemp [13] focus on the security design of a home banking system by intersecting aspects of co-design and participatory physical modelling. More specifically, participants interact with different security scenarios by using LEGO kits and achieve positive insights by doing so.…”

Section: Co-design and Securitymentioning

confidence: 99%

Found in Translation: Co-design for Security Modelling

Demjaha

Pym

Caulfield

2022

Socio-Technical Aspects in Security

View full text Add to dashboard Cite

Background. In increasingly complex and dynamic environments, it is difficult to predict potential outcomes of security policies. Therefore, security managers (or other stakeholders) are often challenged with designing and implementing security policies without knowing the consequences for the organization. Aim. Modelling, as a tool for thinking, can help identify those consequences in advance as a way of managing decision-making risks and uncertainties. Our co-design approach aims to tackle the challenges of problem definition, data availability, and data collection associated with modelling behavioural and cultural aspects of security. Method. Our process of modelling co-design is a proposed solution to these challenges, in particular for models aiming to incorporate organizational security culture. We present a case study of a long-term study at Company A, where using the methods of participatory action research, humble inquiry, and thematic analysis, largely shaped our understanding of co-design. We reflect on the methodological advantages of co-design, as well as shortcomings. Result. Our methodology engages modellers and system stakeholders through a four-stage co-design process consisting of (1) observation and candidate data availability, (2) candidate model design, (3) interpretation of model consequences, and (4) interpretation of domain consequences. Conclusion. We have proposed a new methodology by integrating the concept of co-design into the classical modelling cycle and providing a rigorous methodology for the construction of models that captures the system and its behaviours accurately. We have also demonstrated what an attempt at co-design looks like in the real-world, and reflected upon necessary improvements.

show abstract

“…Re-casting the values of the welfare system so that efficiency, employment and self-efficacy are matched with values of solidarity, reciprocity and care creates new placements of access and security that are located within the wider welfare ecosystem. Framing welfare as a form of care acknowledges the potential for conflict but also provides capacity for working with, rather than against, the breakdowns of everyday patterns and interactions (Hall, Coles-Kemp, and Heath 2018).…”

Section: Possible Futures In Dialogue With the Lived Presentmentioning

confidence: 99%

Digital welfare: designing for more nuanced forms of access

Coles-Kemp

Ashenden

Morris

et al. 2020

Policy Design and Practice

Self Cite

View full text Add to dashboard Cite

The aim of many forms of digitalized welfare is to offer a personalized, holistic service that is affordable, sustainable, efficient, encouraging and leaves room for voluntary action. We argue that for these goals to be achieved, consideration has to be given both to the design of the system delivered by the welfare provider and to the ecosystem that further shapes the experience of the system. In such an ecosystem not only should state-provided welfare be considered but so too should community support, as well as alternative methods of accounting for societal contribution. In this paper, we use theoretical perspectives on access and security to ideate sketches that invoke new user experiences of welfare. These sketches reflect the importance of both designing for and understanding the ecosystem in which welfare systems are accessed, in order to articulate a different welfare ethos that can encompass both complementary and conflicting perspectives. Using the ideas of Buchanan (1992Buchanan ( , 2001a our synthesis of theories related to security with the practical implementation of digital welfare aims to shape the placement (Buchanan 1992) of digital welfare by embedding access points of different types further into the welfare ecosystem.

show abstract

Holding on to dissensus: Participatory interactions in security design

Cited by 13 publications

References 12 publications

2 Fast 2 Secure: A Case Study of Post-Breach Security Changes

2 Fast 2 Secure: A Case Study of Post-Breach Security Changes

Found in Translation: Co-design for Security Modelling

Digital welfare: designing for more nuanced forms of access

Contact Info

Product

Resources

About