Engaging stakeholders during late stage security design with assumption personas

Abstract

Purpose - This paper aims to present an approach where assumption personas are used to engage stakeholders in the elicitation and specification of security requirements at a late stage of a system's design. Design/methodology/approach - The author has devised an approach for developing assumption personas for use in participatory design sessions during the later stages of a system's design. The author validates this approach using a case study in the e-Science domain. Findings - Engagement follows by focusing on the indirect, rather than direct, implications of security. More design approaches are needed for treating security at a comparatively late stage. Security design techniques should scale to working with sub-optimal input data. Originality/value - This paper contributes an approach where assumption personas engage project team members when eliciting and specifying security requirements at the late stages of a project.