Policy Specification Experiment

Results (primary data) of the experiment on matching user types of Dupree to different policy specification paradigms for achieving better effectiveness, efficiency and satisfaction in the context of privacy settings for SRA services.The research conducted in the experiment has been supported by the German Ministry of Education and Research projects “Nationales Referenzprojekt zur IT-Sicherheit in der Industrie 4.0 (IUNO)” (grant no. 16KIS0328) and “Transparente und selbstbestimmte Ausgestaltung der Datennutzung im Unternehmen (TrUSD)” (grant no. 16KIS0898).The results exist in two Excel files and an HSQL databas

Usable Specification of Security and Privacy Demands: Matching User Types to Specification Paradigms

However, formulating their own abstract data protection requirements is already a challenge for them. The mapping of these requirements to concrete setting options in an application is even more challenging—partially because the user interfaces for data protection settings are not tailored to the needs of different user types. This is one of the reasons why only few users make data protection settings regularly and purposefully. In this paper, we describe different specification paradigms for privacy settings and evaluate which paradigm best suits different user types. We investigate with which paradigm a certain user type achieves the best results in terms of objective and perceived correctness, efficiency and satisfaction

Eliciting requirements from citizens: What can we learn from other disciplines?

[Context and motivation] The elicitation of requirements is an essential step for requirements engineers to build products and services that fit the needs of users and customers. In environments with connected systems, such as cyber-physical systems or digital ecosystems, several different stakeholders exist that have diverse requirements. One such environment is the smart city district that is the focus of our research project “EnStadt:Pfaff”. [Question/problem] One main question in such a context is how to elicit citizens’ requirements and needs and how to motivate them to participate in creating digital services and apps that support their lives. [Principal ideas/results] Traditional requirements engineering and elicitation activities (such as workshops) are also relevant in such contexts, but we are also looking for new formats that may-be are more suitable for citizen crowds. We assume that we can learn from other disciplines about their methods and ways, e.g. to motivate citizens. [Contribution] We identified four disciplines and present their benefits for requirements engineering from our perspective. Our goal is to foster further discussions when presenting the corresponding poster

Satisfying and Efficient Privacy Settings

Data protection is becoming increasingly important for users of digital services. Recent studies show that users are concerned that they have too little control over their personal data. However, users also complain that current interfaces for specifying privacy and security settings are too time-consuming and complicated. Therefore, we first identified the existing ways to configure these settings. Then, we experimentally examined which way of specification is best suited for a certain user type in terms of satisfaction or efficiency. Regarding efficiency, the type of specification with the smallest number of options, called security level, is best suited for all users. Regarding satisfaction, there is not a single type of specification that fits all user types, but different user types prefer different types of specification

Anforderungen und Rahmenwerk für den betrieblichen Datenschutz

In diesem Beitrag berichten wir über einen Ansatz zur Entwicklung praxistauglicher und rechtskonformer Lösungen für den betrieblichen Datenschutz. Wir geben einen Überblick über unseren agilen RE-Prozess bei der Anforderungserhebung, Modellierung und Lösungskonzeption und berichten über die Besonderheiten, etwa beim Umgang mit gegensätzlichen Stakeholderinteressen und konkurrierenden Qualitätseigenschaften

A User-Centered Model for Usable Security and Privacy

Security, privacy and usability are vital quality attributes of IT systems and services. Users and legal authorities demand that systems are secure and preserve privacy. At the same time, security and privacy mechanisms should not complicate workflows and must be transparent for the user. In order to master this challenge, a close involvement of the users is necessary - both at development and at run-time. In this paper, we present a user-centered model for usable security and privacy that is aligned with user-centered design guidelines [34] and the Human-Centered Design process [28]. Based on this model, we present an initial method for the design of usable security systems. Through active involvement of the user, the model and the method are meant to help developers to identify and solve shortcomings of their security and privacy echanisms. We motivate our work and present our results based on an Internet of Things / smart home scenario. Due to the amount of private data and strong data protection laws, both usability and privacy are of major importance in this domain. However, our model and method are not limited to the smart home domain, but can be applied whenever usable security and privacy are of particular interest for a system under development