My work on assumption personas for security has recently been accepted for publication in the Information and Computer Security journal. This article presents an approach for engaging stakeholders in a system design project in security at a comparatively late stage in a system’s design. This is made possible by creating assumption personas based on pre-existing design models. While security should be treated as early as possible, in many cases this isn’t possible. This article represents one of the first attempts to document how security can be properly addressed in cases where it is necessary to ‘bolt on’ security to a product, rather than building it in.
Thanks for BU’s Open Access fund, this paper will be made freely available under Emerald’s open access scheme. A link to the paper will be available soon.