research-article

Examining the Contribution of Critical Visualisation to Information Security

Authors:
Peter Hall

Griffith University, Queensland College of Art, QLD4101, Australia, +61737353158

Griffith University, Queensland College of Art, QLD4101, Australia, +61737353158
View Profile

,
Claude Heath

Royal Holloway, University of London, TW200EX, UK, +441783443084

Royal Holloway, University of London, TW200EX, UK, +441783443084
View Profile

,
Lizzie Coles-Kemp

Royal Holloway, University of London, TW200EX, UK, +441783443084

Royal Holloway, University of London, TW200EX, UK, +441783443084
View Profile

,
Axel Tanner

IBM Research Division, CH 8803, Rueschlikon, Switzerland, +41447248249

IBM Research Division, CH 8803, Rueschlikon, Switzerland, +41447248249
View Profile

NSPW '15: Proceedings of the 2015 New Security Paradigms WorkshopSeptember 2015Pages 59–72https://doi.org/10.1145/2841113.2841118

Published:08 September 2015Publication History

NSPW '15: Proceedings of the 2015 New Security Paradigms Workshop

Pages 59–72

ABSTRACT

This paper examines the use of visualisations in the field of information security and in particular focuses on the practice of information security risk assessment. We examine the current roles of information security visualisations and place these roles in the wider information visualisation discourse. We present an analytic lens which divides visualisations into three categories: journalistic, scientific and critical visualisations. We then present a case study that uses these three categories of visualisations to further support information security practice.

Two significant results emerge from this case study: (1) visualisations that promote critical thinking and reflection (a form of critical visualisation) support the multi-stakeholder nature of risk assessment and (2) a preparatory stage in risk assessment is sometimes needed by service designers in order to establish the service design before conducting a formal risk assessment.

The reader is invited to explore the images in the digital version of this paper where they can zoom in to particular aspects of the images and view the images in colour.

References

U. Beck. Risk society: Towards a new modernity, volume 17. Sage Publications, 1992.Google Scholar
R. Bernstein. Beyond Objectivism and Relativism: Science, Hermeneutics, and Praxis. University of Pennsylvania Press, 1983.Google Scholar
J. Bertin. Semiology of graphics: diagrams, networks, maps. 1983. Google ScholarDigital Library
S. Bleikertz, T. Gross, and S. Moedersheim. Modeling and analysis of dynamic infrastructure clouds. 2013. Online; accessed 2015-04-02.Google Scholar
A. Cameron. Ground zero--the semiotics of the boundary line. Social Semiotics, 21(3):417--434, 2011.Google ScholarCross Ref
R. Chambers et al. Whose reality counts?: putting the first last. Intermediate Technology Publications Ltd (ITP), 1997.Google ScholarCross Ref
C. Cipolla and E. Manzini. Relational services. Knowledge, Technology & Policy, 22(1):45--50, 2009.Google ScholarCross Ref
J. Crampton, G. Gutin, and A. Yeo. On the parameterized complexity and kernelization of the workflow satisfiability problem. ACM Transactions on Information and System Security (TISSEC), 16(1):4, 2013. Google ScholarDigital Library
J. W. Crampton. Mapping: A critical introduction to cartography and GIS, volume 11. John Wiley & Sons, 2011.Google Scholar
M. Douglas and A. Wildavsky. Risk and culture: An essay on the selection of technological and environmental dangers. Univ of California Press, 1983.Google ScholarCross Ref
P. Dourish. What we talk about when we talk about context. Personal and ubiquitous computing, 8(1):19--30, 2004.Google Scholar
P. Dourish, R. E. Grinter, J. D. De La Flor, and M. Joseph. Security in the wild: user strategies for managing security as an everyday, practical problem. Personal and Ubiquitous Computing, 8(6):391--401, 2004. Google ScholarCross Ref
J. Drucker. SpecLab: Digital aesthetics and projects in speculative computing. University of Chicago Press, 2009. Google ScholarDigital Library
P. Ehn. Participation in design things. In Proceedings of the Tenth Anniversary Conference on Participatory Design 2008, pages 92--101. Indiana University, 2008. Google ScholarDigital Library
U. Eisenreich. Teamwork sociogram. http://http://www.hier-eisenreich.org, 2002. Online; accessed 2015-04-05.Google Scholar
L. C. Freeman. Visualizing social networks. Journal of social structure, 1(1):4, 2000.Google Scholar
P. Galison. Images scatter into data, data gather into images. Images: A Reader, page 236, 2006.Google Scholar
P. Hall, A. Blauvelt, E. Lupton, R. Giampietro, and W. A. Center. Graphic design: now in production : Chapter: Bubbles, lines and string: how information shapes society. Walker Art Center, Minneapolis, MN, c2011.Google Scholar
J. B. Harley. Maps, knowledge, and power. Geographic Thought-A praxis perspective, 2009.Google Scholar
C. P. Heath, L. Coles-Kemp, and P. A. Hall. Logical lego?: Co-constructed perspectives on service design. NordDesign 2014, Proceedings, 2014.Google Scholar
R. I. V. Hodge. Social semiotics. Cornell University Press, 1988.Google Scholar
M. James, A. McFarland Daniel, and B.-D. Skye. Dynamic network visualization: Methods for meaning with longitudinal network movies. American Journal of Sociology, 110(4):1206--1241, 2005.Google ScholarCross Ref
V. Krebs. Finding go-to people and subject matter experts {sme}. http://www.orgnet.com/experts.html, 2008. Online; accessed 2015-04-05.Google Scholar
T. S. Kuhn. The structure of scientific revolutions. University of Chicago press, 1962.Google Scholar
M. M. Lankhorst, H. A. Proper, and H. Jonkers. The architecture of the archimate language. In Enterprise, Business-Process and Information Systems Modeling, pages 367--380. Springer, 2009.Google ScholarCross Ref
B. Latour. A cautious prometheus? a few steps toward a philosophy of design (with special attention to peter sloterdijk. In Proceedings of the 2008 Annual International Conference of the Design History Society, Universal Publishers, pages 2--10, 2008.Google Scholar
Mandiant. Mandiant intelligence center report, 2013: Apt1 exposing one of china's cyber espionage units. http://intelreport.mandiant.com/, 2013. Online; accessed 2015-04-05.Google Scholar
Mandiant. Mandiant threat report: M-trends 2015: A view from the front lines. https://www.mandiant.com/resources/mandiant-reports, 2015. Online; accessed 2015-04-05.Google Scholar
R. Marty. Applied security visualization. Addison-Wesley Upper Saddle River, 2009. Google ScholarDigital Library
S. Nikolow. "Words divide, pictures unite". Otto Neurath's pictorial statistics in historical context, volume 2 of Image and imaging in philosophy, science and the arts, pages 85--98. ontos Verlag, 2011.Google Scholar
A. H. Robinson. Early thematic mapping in the history of cartography. 1982.Google Scholar
D. Rosenberg and A. Grafton. Cartographies of Time: a History of the Timeline. Princeton Architectural Press, 2013.Google Scholar
H. Rosling. Gapminder - a fact-based worldview. http://www.gapminder.org, 2005. Online; accessed 2015-04-02.Google Scholar
T. Segaran and J. Hammerbacher. Beautiful data: the stories behind elegant data solutions. "O'Reilly Media, Inc.", 2009.Google Scholar
E. Segel and J. Heer. Narrative visualization: Telling stories with data. Visualization and Computer Graphics, IEEE Transactions on, 16(6):1139--1148, 2010. Google ScholarDigital Library
B. Sherrill, C. Poulin, D. Kaplan, D. Franklin, E. Maor, J. Kravitz, L. Horacek, P. Cobb, R. Hay, and S. Moore. Ibm x-force threat intelligence quarterly, 1q 2015. http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=WGL03073USEN, 2015. Online; accessed 2015-04-02.Google Scholar
B. Shneiderman. Designing the user interface-strategies for effective human-computer interaction. Pearson Education India, 1986. Google ScholarDigital Library
The Open Group. Risk taxonomy technical standard. www.opengroup.org/onlinepubs/9699919899/toc.pdf, 2009. Online; accessed 2015-04-05.Google Scholar
Trustwave. 2014 trustwave global security report. https://www.trustwave.com/gsr, 2014. Online; accessed 2015-04-05.Google Scholar
E. R. Tufte. The visual display of quantitative information, 2nd edition. Graphics Press, 2001.Google Scholar
Verizon. Verizon 2015 data breach investigations report. http://www.verizonenterprise.com/DBIR/2015, 2014. Online; accessed 2015-04-05.Google Scholar
M. Wattenberg. Numbers, words and colors; presentation at the mit hyperstudio humanities + digital conference on visual interpretation, cambridge mass.web. http://video.mit.edu/watch/numbers-words-and-colors-9598, 2010. Online; accessed 2015-04-07.Google Scholar
D. Wood. Rethinking the power of maps. Guilford Press, 2010.Google Scholar

Recommendations

Reflective HCI: towards a critical technical practice
CHI EA '04: CHI '04 Extended Abstracts on Human Factors in Computing Systems
Read More
The humanities and/in HCI
CHI EA '12: CHI '12 Extended Abstracts on Human Factors in Computing Systems

In the past two decades, as technology has moved from the workplace to nearly all aspects of our everyday lives, HCI has also increased the breadth and depth of its research agenda. The breadth increase can be seen in the increasingly broad ...
Read More
Taxonomy of information security risk assessment (ISRA)

Information is a perennially significant business asset in all organizations. Therefore, it must be protected as any other valuable asset. This is the objective of information security, and an information security program provides this kind of ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
NSPW '15: Proceedings of the 2015 New Security Paradigms Workshop
September 2015
163 pages
ISBN:9781450337540
DOI:10.1145/2841113
General Chair:
Anil Somayaji
Carleton University
,
Program Chairs:
Rainer Böhme
University of Muenster
,
Paul Van Oorschot
Carleton University
,
Publications Chair:
Mohammad Mannan
Concordia University
Copyright © 2015 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 8 September 2015
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Visualisation
critical discourse
cultural studies
design
design research methods
humanities
risk assessment
Qualifiers
- research-article
- Research
- Refereed limited
Conference

Acceptance Rates
Overall Acceptance Rate62of170submissions,36%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 7
  Total Citations
  View Citations
- 187
  Total Downloads
- Downloads (Last 12 months)13
- Downloads (Last 6 weeks)3
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Examining the Contribution of Critical Visualisation to Information Security

NSPW '15: Proceedings of the 2015 New Security Paradigms Workshop

ABSTRACT

References

Cited By

Recommendations

Reflective HCI: towards a critical technical practice

The humanities and/in HCI

Taxonomy of information security risk assessment (ISRA)