Towards Advanced Enterprise Information Systems Engineering - Solving Resilience, Security and Usability Issues within the Paradigms of Socio-Technical Systems

Wilson Goudalo, Christophe Kolski

Abstract

Resilience and Security are very important attributes for most enterprise Information Systems (IS). These systems have human users with various capabilities, experiences and behaviors. Therefore, they have to be resilient, secure and usable. Resilience requires the capacity to prepare and adapt, facing perpetuating evolutionary conditions, and to restore full capability after an incident or an attack. We track and solve Resilience, Security and Usability issues jointly in Enterprise IS. This challenge requires considering the ergonomics of interactions, effectiveness and efficiency of the task realization, user satisfaction, and trust as well as human feelings when using the secure services. In this paper, we propose an approach based on paradigms of socio-technical systems to model the interplay between resilience, security and usability. We detail a case study illustrating the proposed approach and detailing the elaboration of user-experience-based design patterns.

References

  1. Alexander, C, Ishikawa, S & Silverstein, M 1977, 'A Pattern Language: Towns, Buildings, Construction', Oxford University Press, New-York.
  2. ANSSI, 2014, 'Résilience de l'Internet français', Internet resources http://www.ssi.gouv.fr/ [Accessed: 11/11/2015].
  3. Bevan, N 2009, 'Extending quality in use to provide a framework for usability measurement', In M. Kurosu (ed), Human centered design, HCII 2009, pp.13-22, Heidelberg, Germany, Springer-Verlag.
  4. Birge, C 2009, 'Enhancing Research into Usable Privacy and Security', SIGDOC 09: Proceedings of the 27th ACM international conference on Design of communication, October 2009.
  5. Blakley, B, Heath, C and members of The Open Group Security Forum 2004, 'Security design patterns', Technical Report G031, The Open Group, Apr. 2004. URL http://www.opengroup.org/publications/catalog/g 031.htm, [Accessed: 13/11/2015].
  6. Braz, C, Seffah, A, Raihi, DM, 2007, 'Designing a TradeOff Between Usability and Security: A Metrics BasedModel', In Proc. Interact, LNCS 4663, pp. 114-126.
  7. Clarke, N & Furnell, S 2014, 788th Int'l Symposium on Human Aspects of Information Security & Assurance (HAISA 2014)78, Nathan Clarke, Steven Furnell (eds), Plymouth, UK, July 8-9, 2014. ISBN: 978-1-84102- 375-5.
  8. Cranor, L 2006, 'Usable Privacy and Security', Lorrie Cranor's courses, Internet resources http://cups.cs.cmu. edu/courses/ups-sp06/ [Accessed: 13/11/2015].
  9. Cranor, LF & Blase, U 2015, 'Usable Privacy and Security', Lecturer materials, Courses January 2015, Carnegie Mellon University, CyLab. http://cups.cs.cm u.edu/courses/ups-sp14 [Accessed: 13/11/2015].
  10. Cranor, LF & Garfinkel, S 2005, 'Security and Usability: Designing Secure Systems that People Can Use', Ed. O'Reilly, ISBN-13: 978-0596008277.
  11. DCSSI 2009, 'Fiche d'expression rationnelle des objectifs de sécurité', http://circulaire.legifrance.gouv.fr/pdf/200 9/04/cir_1982.pdf [Accessed: 14/11/2015].
  12. Emery, E 1967, 'The next thirty years: concepts, methods and anticipation', Human relations #20, pp. 199-237.
  13. Ferrary, M 2014, 'Management des ressources humaines: Marché du travail et acteurs stratégiques', Ed. Dunod, Paris, France, ISBN-13: 978-2100713172.
  14. French penal code 2015, 'De l'atteinte à la vie privée', article 226-1, [Accessed: 14/11/2015].
  15. Goudalo, W & Seret, D 2008, 'Towards the Engineering of Security of Information Systems (ESIS): UML and the IS Confidentiality', Proceedings at the Second International Conference on Emerging Security Information, Systems and Technologies, pp. 248-256, IEEE Computer Society Washington, DC, USA.
  16. Goudalo, W & Seret, D 2009, 'The Process of Engineering of Security of Information Systems (ESIS): The Formalism of Business Processes', SECURWARE 2009, 3rd Int'l Conf on Emerging Security Information, Systems and Technologies, IARIA, pp.105-113.
  17. Goudalo, W 2011, 'Toward Engineering of Security of Information Systems: The Security Acts', Proc. 5th Int'l Conf. Emerging Security Information, Systems and Technologies, IARIA, 2011, pp.44-50.
  18. Hertzum, M, Clemmensen, T, Hornbaek, K, Kumar, J, Qingxin, S & Yammiyavar, P 2007, 'Usability constructs: A cross-cultural study of how users and developers experience their use of information systems', In Proceedings of HCI International 2007, pp. 317-326, Beijing, China: Springer-Verlag.
  19. Hollnagel, E, Woods, D, D & Leveson, N 2006, 'Resilience engineering. Concepts and precepts', Ashgate, Aldershot.
  20. IBM Corporation 2014, 'Understanding big data so you can act with confidence', Doc. Ref. IMM14123USEN, June 2014, http://www-01.ibm.com, [Accessed: 13/11/2015].
  21. ISO 9241-110 2006, 'Ergonomics of human-system interaction', Part 110 Dialogue principles.
  22. ISO 9241-12 1998, 'Ergonomic requirements for office work with visual display terminals (VDTs)78, Part 12 Presentation of information.
  23. ISO/IEC 2700x 2010, 'Information technology Security techniques'.
  24. KPMG International 2014, 'Managing the data challenge in banking. Why is it so hard?78, Document published on June 2014, http://www.kpmg.com, [Accessed: 13/11/2015].
  25. Laprie, JC 2008, “From dependability to resilience”, dans Proceedings of the 38th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2008), Supplemental Volume, Anchorage, USA, june 2008.
  26. Larson, RC 2008, 'Service science: At the intersection of management, social, and engineering sciences', IBM Systems Journal, 47, pp.41-51.
  27. Lewis, JR 2014, 'Usability: Lessons Learned … and Yet to Be Learned', International Journal of HumanComputer Interaction, 30:9, pp. 663-684.
  28. Luzeaux, D 2011, 'Engineering Large-Scale Complex Systems', In Luzeaux D., Ruault J.-R. & Wippler J.-L. (eds), Complex Systems and Systems of Systems Engineering, ISTE-Wiley, London, pp.3-84.
  29. Mahatody, T, Sagar, M & Kolski, C 2010, 'State of the Art on the Cognitive Walkthrough method, its variants and evolutions', International Journal of Human-Computer Interaction, 26 (8), pp.741-785.
  30. Palin, PJ 2013, 'Resilience: Cultivating the virtue', Internet resources http://www.hlswatch.com/2013/08/29/resilie nce-cultivating-the-virtue/ [Accessed: 11/11/2015].
  31. Piètre-Cambacèdés, L 2010, 'Des relations entre sûreté et sécurité', Ph.D in Software and Network, Paris.
  32. ReSIST 2015, 'Resilience for Survivability in IST', A European Network of Excellence, http://www.resistnoe.org, [Accessed: 13/11/2015].
  33. Rousseau, DM, Sitkin,S, B, Burt, R, S & Camerer, C 1998, 'Not So Different After All: A Cross-Discipline View Of Trust', Academy of Management Review,vol.23 no.3 pp.393-404.
  34. Ruault, J.R, Kolski, C, Vanderhaegen, F & Luzeaux, D, 2015, 'Sûreté et sécurité : différences et complémentarités', Conférence C&ESAR 2015, Résilience des systèmes numériques, Rennes, France.
  35. Salloway, A & Trott, J, R 2002, 'Design patterns par la pratique', Eyrolles, Paris.
  36. Sasse, MA 2007, 'Red-Eye Blink, Bendy Shuffle, and the Yuck Factor: A User Experience of Biometric Airport Systems', IEEE Security & Privacy, vol. 5, no. 3, May/June 2007, pp.78-81.
  37. SBIC (Security for Business Innovation Council) 2008, 'The Time is now: making information security strategic to business innovation', RSA Security, Bedford MA.
  38. Schneider, FB 1998, 'Trust in Cyberspace', Committee on Information Systems Trustworthiness, National Research Council, Washington, D.C.
  39. Schumacher, M 2003, 'Security engineering with patterns: origins, theoretical models, and new applications', Springer, 2003, LCNS 2754
  40. Seffah, A, Donyaee, M, Kline, R,B, Padda, H, K 2006, 'Usability measurement and metrics: A consolidated model', Software Quality Journal, vol. 14, pp.159-178.
  41. Shackel, B 2009, 'Usability-Context, Framework, Definition, Design, and Evaluation', Human Factors for Informatics Usability, B. Shackel and S. Richardson (eds), Cambridge Univ. Press, pp.21-37.
  42. Singh, MP 2013, 'Norms as a basis for governing sociotechnical systems', ACM Transactions on Intelligent Systems and Technology (TIST) - Special Section on Intelligent Mobile Knowledge Discovery and Management Systems and Special Issue on Social Web Mining archive. Volume 5 Issue 1, December 2013. New York, NY, USA.
  43. Sperber, D, Wilson, D 1995, "Relevance: Communication and Cognition", 2nd Edition, ISBN: 978-0-631-19878- 9, 338 pages, December 1995, Wiley-Blackwell
  44. Trist, EL, Higgin, G,W, Murray, H & Pollock, A,B 1963, 'Organizational Choice: Capabilities of Groups at the Coal Face under Changing Technologies', The Loss, Rediscovery & Transformation of a Work Tradition, Tavistock Publications, London.
  45. Umhoefer, C, Rofé, J & Lemarchand, S 2014, 'Le big data face au défi de la confiance', Document published on June 2014 http://www.bcg.fr, [Accessed: 13/11/2015].
  46. Westin, AF 1968, 'Privacy And Freedom', 25 Wash. & Lee L. Rev. 166, http://scholarlycommons.law.wlu.edu/wl ulr/vol25/iss1/20 [Accessed: 13/11/2015].
  47. Wharton, C, Rieman, J, Lewis, C & Polson, P 1994, 'The cognitive walkthrough method: A practitioner's guide', In J. Nielsen & R. L. Mack (Eds.), Usability inspection methods, John Wiley & Sons, New York, pp.105-140.
  48. Winter, S, Wagner, S & Deissenboeck, F 2007, 'A comprehensive model of usability', In Engineering Interactive Systems, pp.106-122, Heidelberg, Germany: International Federation for Information Processing.
  49. Yee, KP 2002, 'User Interaction Design for Secure Systems', Proc. 4th Int'l Conf. Information and Communications Security, Springer-Verlag, 2002, pp. 278-290.
Download


Paper Citation


in Harvard Style

Goudalo W. and Kolski C. (2016). Towards Advanced Enterprise Information Systems Engineering - Solving Resilience, Security and Usability Issues within the Paradigms of Socio-Technical Systems . In Proceedings of the 18th International Conference on Enterprise Information Systems - Volume 2: ICEIS, ISBN 978-989-758-187-8, pages 400-411. DOI: 10.5220/0005835904000411


in Bibtex Style

@conference{iceis16,
author={Wilson Goudalo and Christophe Kolski},
title={Towards Advanced Enterprise Information Systems Engineering - Solving Resilience, Security and Usability Issues within the Paradigms of Socio-Technical Systems},
booktitle={Proceedings of the 18th International Conference on Enterprise Information Systems - Volume 2: ICEIS,},
year={2016},
pages={400-411},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005835904000411},
isbn={978-989-758-187-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 18th International Conference on Enterprise Information Systems - Volume 2: ICEIS,
TI - Towards Advanced Enterprise Information Systems Engineering - Solving Resilience, Security and Usability Issues within the Paradigms of Socio-Technical Systems
SN - 978-989-758-187-8
AU - Goudalo W.
AU - Kolski C.
PY - 2016
SP - 400
EP - 411
DO - 10.5220/0005835904000411