Examining the Contribution of Critical Visualisation to Information Security

This paper examines the use of visualisations in the field of information security and in particular focuses on the practice of information security risk assessment. We examine the current roles of information security visualisations and place these roles in the wider information visualisation discourse.\ud We present an analytic lens which divides visualisations into three categories: journalistic, scientic and critical visualisations. We then present a case study that uses these three categories of visualisations to further support information security practice.\ud Two signicant results emerge from this case study: (1) visualisations that promote critical thinking and reflection (a form of critical visualisation) support the multi-stakeholder nature of risk assessment and (2) a preparatory stage in risk assessment is sometimes needed by service designers in order to establish the service design before conducting a formal risk assessment.\ud The reader is invited to explore the images in the digital version of this paper where they can zoom in to particular aspects of the images and view the images in colour

Teaching as a Collaborative Practice:Reframing Security Practitioners as Navigators

The need is growing for a workforce with both technical skills and the ability to navigate existing and emerging information security challenges. Practitioners can no longer depend upon process-driven approaches to people, processes and IT systems to manage information security. They need to be navigators of the entire environment to effectively integrate controls to protect information and technology. The research presented in this paper trialed an innovative tactile learning activity developed through the European Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security (TREsPASS) project with tertiary education students, designed to provide students with experience in real-world modelling of complex information security scenarios. The outcomes demonstrate that constructing such models in an educational setting are a means of encouraging exploration of the multiple dimensions of security. Such teaching may be a means of teaching social, organization and technical navigation skills necessary to integrate security controls in complex settings