CAIRIS – some frequently asked questions

As part of a recent makeover of the CAIRIS website, I’ve added some frequently asked questions. If you have questions about CAIRIS then you should check out this page; the chances are your question has been answered there. If it hasn’t, please get in touch with your question, so I can answer it and add … [Read more…]

Posts about CAIRIS

Those of you that have used CAIRIS know that it’s a big tool, with lots of functionality.  This makes designing documentation for the tool particularly challenging because it’s hard to find an appropriate starting point. To inspire possible uses of CAIRIS, I’ve started to create posts about the different ways CAIRIS can be used together … [Read more…]

CAIRIS website updated

It’s taken a while, but we’re finally in the process of updating the documentation for CAIRIS on the CAIRIS website. So far, the documentation is little more than an online version of the original manual.  However, we have at least fixed a number of annoying typos and, in the coming weeks, we will be updating … [Read more…]

Cybersecurity PhD studentship at BU: what we’re offering, and pointers for your application

We’re hiring! For those of you who don’t already know, we are currently offering a fully-funded PhD studentship in the area of cybersecurity. The studentship is fully-funded by BU and DSTL. It includes a £14000 maintenance grant to cover living expenses, and a fee-waiver for 36 months. Research costs for field work and conference attendance will also be met. … [Read more…]

“Water, Water, Every Where”: Nuances for a Water Industry Critical Infrastructure Specification Exemplar: accepted at CRITIS 2015

Our work exploring nuances in the water industry has recently been accepted at the 10th International Conference on Critical Infrastructures Security (CRITIS 2015). It’s assumed that what we know about the security of one form of critical infrastructure is equally applicable when thinking about others. Unfortunately, this is not the case. In this paper, we … [Read more…]

Ethics, fairness, mysteries, and the beach!

Although this blog has been quiet in recent months, it’s certainly been a busy few months on the research front. In early July, I presented work carried out in collaboration with John McAlaney and Claudia Iacob on ethical dilemmas and dimensions in penetration testing at HAISA. We’re still engaging with a number of CREST companies as part of … [Read more…]

ESPRE is back!

I’m delighted to announce that Kristian Beckers, Seok-Won Lee, Nancy Mead and I are running another ESPRE workshop at RE’15. We look forward to seeing your awesome work on pushing the state of the Security & Privacy Requirements Engineering art at Ottawa in August.

Usability and Security by Design: A Case Study in Research and Development — accepted by USEC 2015

Our case study on ‘usability and security’ by design has been accepted for publication at the NDSS Workshop on Usable Security (USEC 2015). This paper is joint work with myself, John Lyle, Ivan Fléchais, and Andy Simpson. The paper describes a three-year study where security and usability techniques were used in a research and development project … [Read more…]

Engaging Stakeholders during Late Stage Security Design with Assumption Personas: accepted by IACS

My work on assumption personas for security has recently been accepted for publication in the Information and Computer Security journal.  This article presents an approach for engaging stakeholders in a system design project in security at a comparatively late stage in a system’s design.  This is made possible by creating assumption personas based on pre-existing design … [Read more…]

Social Psychology of Cybersecurity paper accepted at CSSS 2015

Work by John McAlaney, Jacqui Taylor, and myself on the social psychology of cybersecurity has been accepted at the 1st International Conference on Cyber Security for Sustainable Society.  This paper argues for a focus specifically on the role of social psychology in cybersecurity. The experience of psychologists in applying experimental research in ethically sensitive topics … [Read more…]