Towards a framework to promote the development of secure and usable online information security applications

The proliferation of the internet and associated online activities exposes users to numerous information security (InfoSec) threats. Such online activities attract a variety of online users who include novice computer users with no basic InfoSec awareness knowledge. Information systems that collect and use sensitive and confidential personal information of users need to provide reliable protection mechanisms to safeguard this information. Given the constant user involvement in these systems and the notion of users being the weakest link in the InfoSec chain, technical solutions alone are insufficient. The usability of online InfoSec systems can play an integral role in making sure that users use the applications effectively, thereby improving the overall security of the applications. The development of online InfoSec systems calls for addressing the InfoSec problem as a social problem, and such development must seek to find a balance between technical and social aspects. The research addressed the problem of usable security in online InfoSec applications by using an approach that enabled the consideration of both InfoSec and usability in viewing the system as a socio-technical system with technical and social sub-systems. Therefore, the research proposed a socio-technical framework that promotes the development of usable security for online information systems using online banking as a case study. Using a convergent mixed methods research (MMR) design, the research collected data from online banking users through a survey and obtained the views of online banking developers through unstructured interviews. The findings from the two research methods contributed to the selection of 12 usable security design principles proposed in the sociotechnical information security (STInfoSec) framework. The research contributed to online InfoSec systems theory by developing a validated STInfoSec framework that went through an evaluation process by seven field experts. Although intended for online banking, the framework can be applied to other similar online InfoSec applications, with minimum adaptation. The STInfoSec framework provides checklist items that allow for easy application during the development process. The checklist items can also be used to evaluate existing online banking websites to identify possible usable security problems.Computer ScienceD. Phil. (Computer Science

The development of secure and usable systems.

"People are the weakest link in the security chain"---Bruce Schneier. The aim of the thesis is to investigate the process of designing secure systems, and how designers can ensure that security mechanisms are usable and effective in practice. The research perspective is one of security as a socio-technical system. A review of the literature of security design and Human Computer Interactions in Security (HCISec) reveals that most security design methods adopt either an organisational approach, or a technical focus. And whilst HCISec has identified the need to improve usability in computer security, most of the current research in this area is addressing the issue by improving user interfaces to security tools. Whilst this should help to reduce users' errors and workload, this approach does not address problems which arise from the difficulty of reconciling technical requirements and human factors. To date, little research has been applied to socio-technical approaches to secure system design methods. Both identifying successful socio-technical design approaches and gaining a better understanding of the issues surrounding their application is required to address this gap. Appropriate and Effective Guidance for Information Security (AEGIS) is a socio-technical secure system development methodology developed for this purpose. It takes a risk-based approach to security design and focuses on recreating the contextual information surrounding the system in order to better inform security decisions, with the aim of making these decisions better suited to users' needs. AEGIS uses a graphical notation defined in the UML Meta-Object Facility to provide designers with a familiar and well- supported means of building models. Grid applications were selected as the area in which to apply and validate AEGIS. Using the research methodology Action Research, AEGIS was applied to a total of four Grid case studies. This allowed in the first instance the evaluation and refinement of AEGIS on real- world systems. Through the use of the qualitative data analysis methodology Grounded Theory, the design session transcripts gathered from the Action Research application of AEGIS were then further analysed. The resulting analysis identified important factors affecting the design process - separated into categories of responsibility, motivation, stakeholders and communication. These categories were then assembled into a model informing the factors and issues that affect socio-technical secure system design. This model therefore provides a key theoretical insight into real-world issues and is a useful foundation for improving current practice and future socio-technical secure system design methodologies

A manifesto for a socio-technical approach to NHS and social care IT-enabled business change - to deliver effective high quality health and social care for all

80% of IT projects are known to fail. Adopting a socio-technical approach will help them to succeed in the future. The socio-technical proposition is simply that any work system comprises both a social system (including the staff, their working practices, job roles, culture and goals) and a technical system (the tools and technologies that support and enable work processes). These elements together form a single system comprising interacting parts. The technical and the social elements need to be jointly designed (or redesigned) so that they are congruent and support one another in delivering a better service. Focusing on one aspect alone is likely to be sub-optimal and wastes money (Clegg, 2008). Thus projects that just focus on the IT will almost always fail to deliver the full benefits

The societal embedding of sustainable Product-Service Systems: Looking for synergies between strategic design and transition studies

Copyright @ 2014 Greenleaf Publishing.Eco-efficient Product-Service System (PSS) innovations represent a promising approach to sustainability, but their implementation and diffusion is hindered by several cultural, corporate and regulative barriers. Hence, an important challenge is not only to conceive sustainable PSS concepts, but also to understand how to manage, support and orient the introduction and diffusion of these concepts. Building upon recent advances in the innovation studies field (in particular the contributions from transition studies) this chapter puts forward a conceptual framework for the introduction and scaling-up of eco-efficient PSSs. A key role is given to the implementation of socio-technical experiments: protected spaces where radical innovations can be tested, become more mature, and potentially challenge and change dominant socio-technical practices, habits and institutions. Starting from these considerations this chapter investigates the potential contribution that a strategic design approach can make to stimulating and supporting the societal embedding of eco-efficient PSS innovations. A new strategic design role thus emerges, a role in which the ideation and development of sustainable PSS concepts is coupled with the designing of appropriate transition paths to gradually incubate, introduce and diffuse these concepts. Starting from these considerations the chapter outlines and discusses the new design approach and capabilities required by strategic designers

The role of socio-technical experiments in introducing sustainable Product-Service System innovations

This is the pre-print version of the chapter published in 2015 by Springer in the book “The Handbook of Service Innovation” (edited by Renu Agarwal, Willem Selen, Göran Roos and Roy Green). The final publication is available at Springer via http://dx.doi.org/10.1007/978-1-4471-6590-3_18Product-Service System (PSS) innovations represent a promising approach to sustainability, but their implementation and diffusion are hindered by several cultural, corporate, and regulative barriers. Hence, an important challenge is not only to conceive sustainable PSS concepts, but also to understand how to manage, support, and orient the introduction and diffusion of these concepts. Building upon insights from transition studies (in particular, the concepts of Strategic Niche Management and Transition Management), and through an action research project, the chapter investigates the role of design in introducing sustainable radical service innovations. A key role is given to the implementation of socio-technical experiments, partially protected spaces where innovations can be incubated and tested, become more mature, and potentially favor the implementation and scaling up process

How the design of socio-technical experiments can enable radical changes for sustainability

Sustainability requires radical innovations, but their introduction and diffusion usually encounter the opposition of existing socio-technical regimes. An important challenge is, therefore, to understand how to catalyse and support the process of transitioning towards these innovations. Building upon insights from transition studies (in particular the concepts of Strategic Niche Management and Transition Management), and through an action research project (aimed at designing, introducing and diffusing a sustainable mobility system in the suburban areas of Cape Town), the paper investigates the role of design in triggering and orienting societal transformations. A key role is given to the implementation of socio-technical experiments. A new socio-technical system design role emerges: a role in which the ideation and development of sustainable innovation concepts is coupled with the designing of appropriate transition paths to gradually incubate, introduce and diffuse these concepts

Improving Design of Micro-business Systems via VSM and Constituent Orientation Analysis

This paper describes recent design research into prototypical ‘classes’ of designs for operational business systems for micro-businesses of 1-10 employees typical of traditional craft and contemporary information economies. Business process design is an increasingly important and relatively new sub-field of design and design research. Its increasing importance is driven by three factors made more potent by information technology: increasing ability for very small business units to contribute to local and national economies; potential for increased efficiency of micro-businesses via reduction in Coasian transaction costs; increasingly competitive business environments leading to pressure on micro-businesses to deeply cut costs; and increased potential for improved design of micro-business processes to create significant benefits for the micro-businesses themselves and to local and national economies. The analyses used in this paper combine Tellefsen's perspective on constituent orientation with Beerian Viable System analysis and Cashflow Quadrant analysis (Beer, 1972, 1988, 1989, 1995; Kiyosaki & Lechter, 2007; Tellefsen, 1995, 1999, 2001; Tellefsen & Love, 2003). These analyses are used to identify promising foci of design effort particularly with the intention of automating and systematizing business activities. The paper first describes the importance of developing improved guidelines for design of organisational structures and business processes in the micro-business arena. It then outlines the structural, humanistic, financial, business management and computerized automation considerations that need to be addressed. Design issues are illustrated via mini case studies of three characteristic micro-businesses in the areas of publishing, plumbing, and rental investment. The paper shows how improvements to the design of business processes can be viewed through how four constituent orientations: • Self employed • Business managers • Business owners • Investors The paper concludes by integrating the outcomes of the above analyses into a preliminary checklist for the design of effective and efficient automated and systematized business processes for micro-businesses and small business enterprises. Keywords: Business Process Design, Micro-Business, Viable Systems, Constituent Orientation, Cashflow Quadrant Analysis.</p

Report of the FAO/CRFM/MALMR Regional Workshop on the Collection of Demographic Information on Coastal Fishing Communities and its Use in Community-Based Fisheries and Integrated Coastal Zone Management in the Caribbean

One part of the two-part Science-to-Action Guidebook. The other part was intended for scientists, and this part is for decision-makers. Recognizing the importance of informed decisions and the differences between the scientific and decision-making processes, this guidebook provides practical tips on how to best bring these worlds together. In doing so, this guidebook emphasizes the roles of facilitating, synthesizing, translating, and communicating science to inform conservation action. It is geared toward the perspective of decision-makers working in tropical developing nations and focusing on marine resource management issues. However, the concepts are applicable to a broad range of scientists and decision-makers worldwide

Fostering energy efficiency dynamics through ex-ante strategic niche management: the UK perspective

The United Kingdom building sector has been challenged to retrofit a huge stock of existing buildings in order to increase its adaptive capacity for climate change impacts. Addressing such challenges will require systematic structural changes in both, socio-technical and socio-political infrastructure. A numbers of studies have suggested the approach of strategic niche management of transition for sustainable technological regimes. Accordingly, any such transition would follow processes: early stages of niche formation; creation of policy mechanism required to harness the niches; niche expansion into incumbent regime; and the regime transition into more sustainable technological regime. Following this, the UK Government has introduced a raft of initiatives; one of which is “Green Deal” to enable buildings to become energy efficient through retrofit technologies, ultimately contributing towards the national goal of achieving 80% reduction in carbon emission by 2050. This paper serves three purposes. First, the paper introduces multi-level socio-technical system for construction/retrofitting in building industry. Second, the ex-ante strategic niche management approach has been used to analyse the dynamic of “Green Deal” initiative. Thereby the paper would critically assess technological, organisational and institutional reforms undertaken for the initiative in the processes for sustainable socio-technical transition. Third, the paper would contribute towards strategic niche management literature which lacks in practical examples of using it as an ex-ante tool for niche building and regime transition