Appendix A
Questionnaire
Greetings,
As you are aware, information security is today regarded as one of the important factors in determining the quality of software systems. Using security mechanisms and tools that users are reluctant to use, and whose procedures they try to avoid carrying out, will reduce the security of the software produced and, as a result, its quality. The questionnaire before you has been prepared in the Information Technology group of the Faculty of Industrial Engineering at Khajeh Nasir al-Din Toosi University for the purpose of researching, examining, and identifying the factors that affect the identification of usability requirements and security risks of software systems, and consequently the design of systems with high usability and trust, so that a model can be presented that takes into account all the influential factors and the relationships among them.
Since your care and diligence in answering the following questions correctly will be of great help in examining and identifying these factors, we kindly ask you to assist us in presenting valid results and a comprehensive model.
I express in advance my gratitude for your care and diligence in duly completing this questionnaire.
With thanks
Note: Suppose you want to design a system that, in addition to having high quality in terms of usability and the trust provided through information security, has security features that are usable and security mechanisms that users are willing to use. In this questionnaire, such a system is called a usable and trustworthy system.
Completion guide:
1: Very low 2: Low 3: Medium 4: High 5: Very
