The Best Laid Plans or Lack Thereof: Security Decision-Making of Different Stakeholder Groups

Shreeve, Ben; Hallett, Joseph; Edwards, Matthew; Ramokapane, Kopo M.; Atkins, Richard; Rashid, Awais

doi:10.1109/tse.2020.3023735

Cited by 10 publications

(5 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Section: Mobilizing Gamification In Projects For Stakeholder Managementmentioning

confidence: 99%

“…One example of how gamification may be used in practice to overcome communication barriers with project stakeholders is provided by Simon (2006), who proposes that design games may be used to "scaffold" dialogue between stakeholders in development projects, also in the early phases of co-design. Shreeve et al (2020) overcome barriers through a game where stakeholders can test their risk level and through this harmonized way be able to discuss risk and risk-taking on shared terms. Ghanbari et al (2015) propose the use of serious gaming to elicit information in software development projects, in which the temporal, geographic and sociocultural diversity of the stakeholders could otherwise present formidable barriers to successful project development.…”

Section: Engage Peoplementioning

confidence: 99%

See 1 more Smart Citation

Project stakeholder engagement through gamification: what do we know and where do we go from here?

Ingvarsson

Hallin

Kier³

2023

IJMPB

View full text Add to dashboard Cite

PurposeThe purpose of this paper is to explore how gamification may be used for project stakeholder engagement.Design/methodology/approachThe paper presents the results of a systematic literature review of extant research concerning the gamification of projects. Based on this, an agenda for future studies is outlined.FindingsExtant research on the gamification of projects is scarce and scattered among various disciplines, but the engineering fields dominate. The research performed does indicate that gamification may be used for involving stakeholders in projects, primarily by promoting learning, but also by engaging them, motivating action and solving problems.Research limitations/implicationsIn several cases, extant research display poor quality in research design and a lack in cross-disciplinary perspectives, which means that more research is needed. The users’ perspective is often lacking. Furthermore, the ideas gamification might be “hidden” within other technologies.Practical implicationsThe findings of this research may assist project management practitioners in the endeavor of adopting gamification principles to better involve stakeholders.Originality/valueThe study fills a gap in summarizing the research on how gamification may be used to promote project stakeholder engagement. Based on this, it proposes a research agenda for future research on the use of gamification to promote project stakeholder engagement.

show abstract

Section: Mobilizing Gamification In Projects For Stakeholder Managementmentioning

confidence: 99%

Section: Engage Peoplementioning

confidence: 99%

Project stakeholder engagement through gamification: what do we know and where do we go from here?

Ingvarsson

Hallin

Kier³

2023

IJMPB

View full text Add to dashboard Cite

show abstract

“…To help software developers understand decision making around security, the authors in [175] have used a facilitated game, Agile App Security Game based on the game Decisions Disruptions. This game is now utilized extensively in the UK in the management of cyber security training [176]. Static analysis is a software testing mechanism that does not require code execution (unlike dynamic analysis).…”

Section: Figure 2 Threat Modeling Process [61]mentioning

confidence: 99%

Security risks in the software development lifecycle: A review

Odera¹,

Otieno²,

Ounza³

2023

World J. Adv. Eng. Technol. Sci.

View full text Add to dashboard Cite

Software security is one of the most critical concerns in modern software development, especially in safety-critical systems whose failure can lead to environmental damage, substantial property, or loss of human lives. In addition, flawed applications have been shown to exhibit unpredictable behavior while software products with numerous vulnerabilities present attack vectors that can be exploited by attackers. To address some of these problems, vulnerability prediction has been deployed for early detection of security risks in the software development lifecycle (SDLC). This can potentially facilitate decision making during the SDLC, resulting in the production of more secure software. Prioritizing security during SDLC permits developers and stakeholders to identify and resolve possible security concerns early on in the process. The aim of this paper is therefore to offer some in-depth review of software systems security issues. In addition, the various measures that have been put in place to mitigate security issues during SDLC are discussed.

show abstract

“…Organizational Processes and Security Culture. In addition to individual factors that contribute to security, research has identified organizational processes and culture that impact software security [23], [26], [28], [49], [57], [58], [63]. Haney et al studied organizations developing cryptographic products [24] and found a strong security mindset as well as high expertise in cryptography.…”

Section: Related Workmentioning

confidence: 99%

How Does Usable Security (Not) End Up in Software Products? Results From a Qualitative Interview Study

Gutfleisch

Klemmer

Busch

et al. 2022

2022 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

For software to be secure in practice, users need to be willing and able to appropriately use security features. These features are usually implemented by software professionals during the software development process (SDP), who may be unable to consider the usability of these mechanisms.While research has made progress in supporting developers in creating secure software products, very little attention has been paid to whether and how these security features are made usable. In a semi-structured interview study with 25 software professionals (software developers, designers, architects), we explored how they and other decision-makers encounter and deal with security and usability during the software development process in their companies.Based on 37 hours of interview recordings, we qualitatively analyzed and investigated 23 distinct development contexts in detail. In addition to individual awareness and factors that directly influence the implementation phase, we identify a high impact of contextual factors, such as stakeholder pressure, presence of expertise, and collaboration culture, and the specific implementation of the SDP on usable security in software products. We conclude our work by highlighting important gaps, such as studying and improving contextual factors that contribute to usable security and discussing potential improvements of the status quo.

show abstract

The Best Laid Plans or Lack Thereof: Security Decision-Making of Different Stakeholder Groups

Cited by 10 publications

References 28 publications

Project stakeholder engagement through gamification: what do we know and where do we go from here?

Project stakeholder engagement through gamification: what do we know and where do we go from here?

Security risks in the software development lifecycle: A review

How Does Usable Security (Not) End Up in Software Products? Results From a Qualitative Interview Study

Contact Info

Product

Resources

About