Design Considerations for Building Credible Security Testbeds: Perspectives from Industrial Control System Use Cases

This paper presents a mapping framework for design factors and an implementation process for building credible Industrial Control Systems (ICS) security testbeds. The security and resilience of ICSs has become a critical concern to operators and governments following widely publicised cyber security events. The inability to apply conventional Information Technology security practice to ICSs further compounds challenges in adequately securing critical systems. To overcome these challenges, and do so without impacting live environments, testbeds are widely used for the exploration, development, and evaluation of security controls. However, how a testbed is designed and its attributes, can directly impact not only its viability but also its credibility. Combining systematic and thematic analysis, and the mapping of identified ICS security testbed design attributes, we propose a novel relationship map of credibility-supporting design factors (and their associated attributes) and a process implementation flow structure for ICS security testbeds. The framework and implementation process highlight the significance of demonstrating some design factors such as user/experimenter expertise, clearly defined testbed design objectives, simulation implementation approach, covered architectural components, core structural and functional characteristics covered, and evaluations to enhance confidence, trustworthiness and acceptance of ICS security testbeds as credible. These can streamline testbed requirement definition, improve design consistency and quality while reducing implementation costs

Guidelines for the usability evaluation of a BI application within a coal mining organization

Business Intelligence (BI) applications are consulted by their users on a daily basis. BI information obtained assist users to make business decisions and allow for a deeper understanding of the business and its driving forces. In a mining environment companies need to derive maximum benefit from BI applications, therefore these applications need to be used optimally. Optimal use depends on various factors including the usability of the product. The documented lack of usability evaluation guidelines provides the rationale for this study. The purpose is to investigate the usability evaluation of BI applications in the context of a coal mining organization. The research is guided by the question: What guidelines should be used to evaluate the usability of BI applications. The research design included the identification of BI usability issues based on the observation of BI users at the coal mining organization. The usability criteria extracted from the usability issues were compared and then merged with general usability criteria from literature to form an initial set of BI usability evaluation criteria. These criteria were used as the basis for a heuristic evaluation of the BI application used at the coal mining organization. The same application was also evaluated using the Software Usability Measurement Inventory (SUMI) standardised questionnaire. The results from the two evaluations were triangulated to provide a refined set of criteria. The main contribution of the study is the heuristic evaluation guidelines for BI applications (based on these criteria). These guidelines are grouped in the following functional areas: visibility, flexibility, cognition, application behaviour, error control and help, affect and BI elements.Information ScienceM.Sc. (Information Systems

Ανάπτυξη ενός εννοιολογικού και μεθοδολογικού πλαισίου διαχείρισης και προσδιορισμού των εμποδίων και των ευκαιριών για την υιοθέτηση υπηρεσιών ηλεκτρονικής διακυβέρνησης

Στόχος της παρούσας εργασίας είναι διττός, αναπτύξαμε ένα εννοιολογικό και μεθοδολογικό πλαίσιο διαχείρισης και προσδιορισμού των εμποδίων και των ευκαιριών για την υιοθέτηση υπηρεσιών ηλεκτρονικής διακυβέρνησης με τη βοήθεια «μοντέλων προσδιορισμού της χρήσης/υιοθέτησης των εμποδίων/ευκαιριών» και αναπτύξαμε μία νέα «σύνθεση μεθοδολογιών αξιολόγησης της ευχρηστίας των υπηρεσιών ηλεκτρονικής διακυβέρνησης» η οποία εφαρμόσθηκε στην υπηρεσία ηλεκτρονικής διαβούλευσης της Ελλάδας. Η «Σύνθεση Μεθοδολογιών» συνίσταται από τις ακόλουθες μεθόδους αξιολόγησης: τις Ευρετικές Αρχές του Nielsen, τη μέθοδο Γνωστικής Περιδιάβασης, τη μέθοδο Επιθεώρησης, την αξιολόγηση από ειδικούς, τη μέθοδο πολιτικής ανάλυσης, το ερωτηματολόγιο, το σενάριο. Το ερωτηματολόγιο που κατασκευάσαμε ακολουθεί τις οδηγίες διαδικτυακής ευχρηστίας HHS και το πρότυπο ευχρηστίας ISO9241-151. Παράλληλα, προτείνουμε τη χρήση του «Μοντέλου UTAUT-PBO» Τέσσερα μοντέλα προέκυψαν τα οποία εντοπίζουν τα εμπόδια ή τις ευκαιρίες στη χρήση των υπηρεσιών ηλεκτρονικής στην EΕ-27+. Εντοπίζουμε μεθοδολογικό κενό στην αξιολόγηση των υπηρεσιών ηλεκτρονικής διακυβέρνησης στην ΕΕ η οποία επικεντρώνεται στην πλευρά της προσφοράς κι αφού οι υπηρεσίες έχουν παραχθεί. Προτείνουμε σε επίπεδο στρατηγικής να ακολουθηθεί ένα πλαίσιο υιοθέτησης των υπηρεσιών ηλεκτρονικής διακυβέρνησης κατά τη φάση του σχεδιασμού των υπηρεσιών που να λαμβάνει υπόψη τα εμπόδια και τις ευκαιρίες κι επικεντρωθήκαμε στη χρήση των υπηρεσιών.The aim of this thesis is twofold, a conceptual and methodological framework for the management and identification of obstacles and opportunities for the adoption of e-Government (e-Gov) services was developed. A new composition methodology of web usability evaluation of e-Gov services applied on e-deliberation service of Greece. The synthesis of methodologies consists of the following assessment methods: the Nielsen’s Heuristics, the Cognitive walkthrough method, the Inspection method, Expert testing, Policy analysis method, Questionnaire and Scenario as data collective methods. The questionnaire constructed following the HHS web usability guidelines as well as web usability standard ISO9241-151. In parallel, the adoption model of UTAUT-PBO was proposed. Four models derived identifying barriers or opportunities of use of e-Gov services in the EU-27+. A methodological gap in the evaluation of e-Gov in the EU exists. Europe focuses on the supply side and after the e-Gov services have been produced. It is suggested EU to follow a framework for adoption of e-Gov services in the design phase of services that takes into account the barriers and opportunities of adoption of e-Gov services