2024 | OriginalPaper | Book chapter

US4USec: A User Story Model for Usable Security

Written by: Mohamad Gharib

Published in: Research Challenges in Information Science

Publisher: Springer Nature Switzerland

Abstract

Constant integration of new technologies in our daily lives exposes us to various security threats. While numerous security solutions have been developed to protect us from these threats, they fail due to users’ insufficient comprehension of how to employ them optimally. This challenge often stems from inadequate capture of Usable Security (USec) requirements, leading to these requirements being overlooked or not properly considered in the final solution, resulting in barely usable security solutions. A viable solution is to adeptly capture USec requirements. Although techniques like User Stories (US) have gained popularity for focusing on users’ needs, they encounter difficulties when dealing with non-functional requirements (NFR), like USec. This occurs due to the lack of well-defined US models explicitly tailored to address these particular requirements. This paper aims to tackle this issue by proposing US4USec, a US model tailored for USec. US4USec has been constructed based on best practices for the consideration and integration of NFR into US models that have been identified via a Systematic Literature Review (SLR). The coverage and completeness of US4USec have been demonstrated by applying it to a set of security US.

Footnotes
1
Detailed information about paper selection, summary of their contributions, and pros and cons of each used method of the final selected papers can be found at https://zenodo.org/records/10806824.

2
A security feature may not always depend on a functional feature. Consequently, the functional feature and its AC are optional.

4
The results of applying the US4USec model to the set of security US can be found at https://zenodo.org/records/10806824.

Metadata
Title
US4USec: A User Story Model for Usable Security
Written by
Mohamad Gharib
Copyright year
2024
DOI
https://doi.org/10.1007/978-3-031-59465-6_16
