Blog
About

222
views
0
recommends
+1 Recommend
1 collections
    5
    shares
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      Building Attacker Personas in Practice — a Digital Banking Example

      Proceedings of the 32nd International BCS Human Computer Interaction Conference (HCI)

      Human Computer Interaction Conference

      4 - 6 July 2018

      Personas/attacker personas, Information security, Digital banking, User-/adversary-centred design

      Read this article at

      Bookmark
          There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.

          Abstract

          In this short paper, a framework for building attacker personas based on a 10-step process model borrowed from user-centred design is proposed and applied to digital banking. In line with conventional personas, attacker personas are archetypical attackers to a system and ideally characterise the full threat landscape to a system. Benefits of attacker personas are currently seen in the context of generic security awareness programmes, usage by security experts alongside other threat modelling techniques and to ‘make threats real’ for non-experts in an organisation. However, attacker personas are by no means a mature method in information security—the largest drawback is currently a lack of their integration into threat modelling and the wider security management environment. The research report presented here covers the chosen methodology including data sources as well as the seven attacker personas proposed for digital banking systems. This work is primarily viewed as a basis for discussion to help foster methodological advancement for building better attacker personas in the future. Current limitations as well as potential future research directions are therefore given in the last part of this paper to promote discussion and collaboration with others in academia and industry.

          Related collections

          Most cited references 6

          • Record: found
          • Abstract: not found
          • Book: not found

          Scenarios as springboard in CSCW design

            Bookmark
            • Record: found
            • Abstract: not found
            • Book: not found

            Persona-centred information security awareness

             D. Ki-Aries,  S. Faily (2017)
              Bookmark
              • Record: found
              • Abstract: not found
              • Conference Proceedings: not found

              Adversary-centred design: threat modelling using anti-scenarios, anti-use cases and anti-personas

               A Steele,  X Jia (2008)
                Bookmark

                Author and article information

                Contributors
                Conference
                July 2018
                July 2018
                : 1-5
                Affiliations
                Royal Holloway, University of London

                Egham Hill, Egham TW20 0EX, UK
                Article
                10.14236/ewic/HCI2018.147
                © Moeckel. Published by BCS Learning and Development Ltd. Proceedings of British HCI 2018. Belfast, UK.

                This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

                Proceedings of the 32nd International BCS Human Computer Interaction Conference
                HCI
                32
                Belfast, UK
                4 - 6 July 2018
                Electronic Workshops in Computing (eWiC)
                Human Computer Interaction Conference
                Product
                Product Information: 1477-9358BCS Learning & Development
                Self URI (journal page): https://ewic.bcs.org/
                Categories
                Electronic Workshops in Computing

                Comments

                Comment on this article