
2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)

Date 8-8 Sept. 2011

  • [Front cover]

    Publication Year: 2011, Page(s): c1
    Freely Available from IEEE
  • [Title page]

    Publication Year: 2011, Page(s): i
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2011, Page(s): ii
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2011, Page(s): iii
    Freely Available from IEEE
  • Foreword from the general chairs

    Publication Year: 2011, Page(s): iv
    Freely Available from IEEE
  • Conference committee

    Publication Year: 2011, Page(s): vi
    Freely Available from IEEE
  • Program Committee

    Publication Year: 2011, Page(s): vii
    Freely Available from IEEE
  • Author index

    Publication Year: 2011, Page(s): 69
    Freely Available from IEEE
  • Security requirements engineering via commitments

    Publication Year: 2011, Page(s):1 - 8
    Cited by:  Papers (3)

    Security Requirements Engineering (SRE) is concerned with the elicitation of security needs and the specification of security requirements of the system-to-be. Current approaches to SRE either express stakeholders' needs via high-level organisational abstractions that are hard to map to system design, or specify only technical security requirements. In this paper, we introduce SecCo, an SRE framew...
  • Information security as organizational power: A framework for re-thinking security policies

    Publication Year: 2011, Page(s):9 - 16

    Successful enforcement of information security requires an understanding of a complex interplay of social and technological forces. Drawing on socio-technical literature to develop an analytical framework, we examine the relationship between security policies and power in organizations. We use our framework to study three examples of security policy from a large empirical study in an international ...
  • Controlled data sharing in E-health

    Publication Year: 2011, Page(s):17 - 23
    Cited by:  Papers (1)

    In the last few years, the necessity of having documents in electronic format has been growing over and over. This phenomenon affects also healthcare organizations that have adopted a new model for managing clinical information based on so called Electronic Patient Records. On the one hand, the introduction of such models allows to easily share information among several and widespread healthcare o...
  • An approach to measure effectiveness of control for risk analysis with game theory

    Publication Year: 2011, Page(s):24 - 29

    Security managers are facing problems choosing effective controls (countermeasures), as there is large number of controls at their disposal. Although the existing standards and methods provide guidance, they are not sufficiently comprehensive when it comes to deciding what attributes to look for and how to use them for determining the effectiveness of controls. The purpose of this paper is twofold...
  • Camera use in the public domain: Towards a “Big Sister” approach

    Publication Year: 2011, Page(s):30 - 36

    The use of cameras is growing: not only personal computers and laptops are standard equipped with a camera, but also the public domain is increasingly equipped with cameras. Today's camera is not merely a pair of eyes. A surveillance camera can see much more than a single person can do. The rapid proliferation of camera technologies makes today's cameras beyond human vision. Although these cameras...
  • User study of the improved Helios voting system interfaces

    Publication Year: 2011, Page(s):37 - 44
    Cited by:  Papers (4)

    There is increasing interest in cryptographic verifiability in remote electronic voting schemes. Helios is one example of an open-source implementation. In previous work, we proposed an improved version of the original Helios interface in version 3.1 for vote casting and individual verifiability. We now test this interface in a mock mayoral election set up with 34 users. Users are given instructio...
  • Information security management systems and socio-technical walkthroughs

    Publication Year: 2011, Page(s):45 - 51

    Information Security Management is related to the design of socio-technical work processes. The development and reflection of this kind of processes can be supported with the field-tested method of the socio-technical walkthrough (STWT). Within a project of raising security standards for a university administration infrastructure, STWT was combined with common ISMS methodology. During this project...
  • On-line trust perception: What really matters

    Publication Year: 2011, Page(s):52 - 59
    Cited by:  Papers (3)

    Trust is an essential ingredient in our daily activities. The fact that these activities are increasingly carried out using the large number of available services on the Internet makes it necessary to understand how users perceive trust in the online environment. A wide body of literature concerning trust perception and ways to model it already exists. A trust perception model generally lists a se...
  • Trustworthy and effective communication of cybersecurity risks: A review

    Publication Year: 2011, Page(s):60 - 68
    Cited by:  Papers (7)

    Slowly but surely, academia and industry are fully accepting the importance of the human element as it pertains to achieving security and trust. Undoubtedly, one of the main motivations for this is the increase in attacks (e.g., social engineering and phishing) which exploit humans and exemplify why many authors regard them as the weakest link in the security chain. As research in the socio-techni...