ABSTRACT
This paper examines the use of visualisations in the field of information security and in particular focuses on the practice of information security risk assessment. We examine the current roles of information security visualisations and place these roles in the wider information visualisation discourse. We present an analytic lens which divides visualisations into three categories: journalistic, scientific and critical visualisations. We then present a case study that uses these three categories of visualisations to further support information security practice.
Two significant results emerge from this case study: (1) visualisations that promote critical thinking and reflection (a form of critical visualisation) support the multi-stakeholder nature of risk assessment and (2) a preparatory stage in risk assessment is sometimes needed by service designers in order to establish the service design before conducting a formal risk assessment.
The reader is invited to explore the images in the digital version of this paper where they can zoom in to particular aspects of the images and view the images in colour.