A grounded theory approach to security policy elicitation. (8th October 2018)
- Record Type:
- Journal Article
- Title:
- A grounded theory approach to security policy elicitation. (8th October 2018)
- Main Title:
- A grounded theory approach to security policy elicitation
- Authors:
- Foley, Simon N.
Rooney, Vivien
- Abstract:
- Purpose: In this paper, the authors consider how qualitative research techniques that are used in applied psychology to understand a person's feelings and needs provide a means to elicit their security needs. Design/methodology/approach: Recognizing that the codes uncovered during a grounded theory analysis of semi-structured interview data can be interpreted as policy attributes, the paper develops a grounded theory-based methodology that can be extended to elicit attribute-based access control style policies. In this methodology, user-participants are interviewed and machine learning is used to build a Bayesian network-based policy from the subsequent (grounded theory) analysis of the interview data. Findings: Using a running example – based on a social psychology research study centered around photograph sharing – the paper demonstrates that in principle, qualitative research techniques can be used in a systematic manner to elicit security policy requirements. Originality/value: While in principle qualitative research techniques can be used to elicit user requirements, the originality of this paper is a systematic methodology and its mapping into what is actionable, that is, providing a means to generate a machine-interpretable security policy at the end of the elicitation process.
- Is Part Of:
- Information and computer security. Volume 26:Number 4(2018)
- Journal:
- Information and computer security
- Issue:
- Volume 26:Number 4(2018)
- Issue Display:
- Volume 26, Issue 4 (2018)
- Year:
- 2018
- Volume:
- 26
- Issue:
- 4
- Issue Sort Value:
- 2018-0026-0004-0000
- Page Start:
- 454
- Page End:
- 471
- Publication Date:
- 2018-10-08
- Subjects:
- Computer security -- Psychology -- Access control -- Computer privacy -- Computer users
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47
- Journal URLs:
- http://www.emeraldinsight.com/loi/ics
http://www.emeraldinsight.com/
- DOI:
- 10.1108/ICS-12-2017-0086
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 8619.xml