17 research outputs found

    A systematic review of Information security knowledge-sharing research

    It is crucial for knowledge to be shared in the information security domain. In effect, sharing ensures that knowledge and skills are propagated through the organisation. Here, we report on a systematic literature review we carried out to gain insight into the literature related to information security knowledge sharing within organisations. The literature highlights the importance of security knowledge sharing in terms of enhancing organisational security awareness, and identifies gaps that can be addressed by researchers in the area.

    Distilling Privacy Requirements for Mobile Applications

    As mobile computing applications have become commonplace, it is increasingly important for them to address end-users’ privacy requirements. Privacy requirements depend on a number of contextual socio-cultural factors to which mobility adds another level of contextual variation. However, traditional requirements elicitation methods do not sufficiently account for contextual factors and therefore cannot be used effectively to represent and analyse the privacy requirements of mobile end users. On the other hand, methods that do investigate contextual factors tend to produce data that does not lend itself to the process of requirements extraction. To address this problem we have developed a Privacy Requirements Distillation approach that employs a problem analysis framework to extract and refine privacy requirements for mobile applications from raw data gathered through empirical studies involving end users. Our approach introduces privacy facets that capture patterns of privacy concerns which are matched against the raw data. We demonstrate and evaluate our approach using qualitative data from an empirical study of a mobile social networking application.

    A 3-Dimensional relevance model for collaborative software engineering spaces

    Today's large software projects are often characterised by distributed environments with numerous developers separated in space and/or time. This separation means that the common understanding and tacit knowledge that is a feature of closely colocated project teams is very hard to come by. As a consequence, relatively simple tasks such as identifying functionally related modules or finding individuals who are experts in aspects of the system become more challenging and time-consuming. This paper presents a Continuum of Relevance Index (CRI) model that uses information gathered from developer IDE interactions to generate orderings of relevant tasks, project artefacts and developers. A case study is used to demonstrate how the model can be used to attain a shared knowledge and common understanding of the extent to which tasks, artefacts and developers are relevant in a group development work context.

    Enabling hazard identification from requirements and reuse-oriented HAZOP analysis

    The capability to identify potential system hazards and operability problems, and to recommend appropriate mitigation mechanisms, is vital to the development of safety critical embedded systems. Hazard and Operability (HAZOP) analysis, which is mostly used to achieve these objectives, is a complex and largely human-centred process, and increased tool support could reduce costs and improve quality. This work presents a framework and tool prototype that facilitates the early identification of potential system hazards from requirements and the reuse of previous experience for conducting HAZOP. The results from the preliminary evaluation of the tool suggest its potential viability for application in a real industrial context.

    Using ontologies and machine learning for hazard identification and safety analysis

    Safety analysis (SA) procedures, such as hazard and operability analysis (HazOp) and failure mode and effect analysis (FMEA), are generally regarded as repetitious, time-consuming and costly, and as requiring a lot of human involvement. Previous efforts have targeted automated support for SA at the design stage of system development. However, studies have shown that the cost of correcting a safety error is much higher when done at the later stages than the early stages of system development. Hence, relative to previous approaches, this chapter presents an approach for hazard identification (HazId) based on requirements and reuse-oriented safety analysis. The approach offers a convenient starting point for the identification of potential system safety concerns from the RE phase of development. It ensures that knowledge contained in both the requirements document and previously documented HazOp projects can be leveraged in order to attain a reduction in the cost of SA by using established technologies such as ontology, case-based reasoning (CBR), and natural language processing (NLP). The approach is supported by a prototype tool, which was assessed by conducting a preliminary evaluation. The results indicate that the approach enables reuse of experience in conducting safety analysis, provides a sound basis for early identification of system hazards when used with a good domain ontology and is potentially suitable for application in practice by experts.