Kaarina Karppinen

Trust and Cloud Services - An Interview Study

The cloud services are on everybody’s lips, but what is the standpoint of those needing to consider the implications of serious involvement? What trust related aspects the experts deem noteworthy when surrending organisation’scomputing services into foreign hands? In this paper we present results from an expert interview study on trust and cloud services, covering the nature, measurement and experiencing of trust. Furthermore, future research directions regarding trust in the cloud are discussed based on the interviews.

User Experience and Security in the Cloud -- An Empirical Study in the Finnish Cloud Consortium

This paper presents an empirical analysis of security and user experience issues in cloud computing. The study is based on the assumption that superior user experience and user-centric security are the two crucial issues that help to build an overall experience for the cloud service user. Qualitative research analysis is used to collect perspectives of eleven experts from Finnish Cloud Software Program Consortium. The perspectives of these experts are then analyzed qualitatively and a thematic analysis is presented. As a result a range of issues related to user experience and security are identified, leading to a perspective of marrying security and user experience.

A situation-aware safety service for children via participatory design

Children are mostly neglected as technology end users, even though they have needs and requirements that should be taken into account in the design of new products and services. This paper introduces a process for a designing situation-aware safety service for children with a unique combination of novel participatory tools, a brainstorming workshop, and scenario writing. The design process includes five phases where the service design team, with multi-science expertise, uses the participatory design tools to gather the needs, fears, and hopes from the end users in the very early phases of the design. We report the lessons learned from the usage of the design process by the pupils, their parents and teachers from one primary school in Finland. We used publicity via the news in local and provincial newspapers, radio, and TV to receive feedback and acceptance from the local society. The design process proved to be powerful and it enabled the gathering and receiving of valuable feedback from both end users and the local society.

Practical Security Testing of Telecommunications Software--A Case Study

In order to obtain evidence about the security strength in products we need automated information security analysis, validation, evaluation and testing approaches. Unfortunately, no widely accepted practical approaches are available. Information security testing of software-intensive and telecommunications systems typically relies heavily on the experience of the security professionals. In this study, we argue that security requirements are within the focus of the information security testing process. Information security requirements can be based on iterative risk, threat and vulnerability analyses, and technical and architectural information. We discuss security testing process, security objectives and security requirements from the basis of the experiences of a security testing case study project.

Security Objectives within a Security Testing Case Study

Obviously, there is a need for automated information security analysis, validation, evaluation and testing approaches. Unfortunately, there is no state-of-art approach to carrying out information security evaluation in a systematic way. Information security evaluation of software-intensive and telecommunications systems typically relies heavily on the experience of the security professionals. Requirements are within the focus of the information security evaluation process. Information security requirements can be based on iterative risk, threat and vulnerability analyses, and technical and architectural information. There is a need for more practical ways to carry out this iterative process. In this paper we discuss security evaluation process, security objectives and security requirements from the basis of the experiences of a security testing project

Holistic Information Security Management in Multi-Organization Environment

Digital convergence, the growing complexity of subcontracting networks and the rise in new, unknown risks call for a new paradigm in information security management. Joint operation agreements between organizations as well as demands from third party actors, such as government and environmental activists, require novel information security management procedures that manage the associated information systems as a whole - from the political, social and legal point of view in addition to the traditional information security view. To tackle these uprising issues we propose holistic handling for risk management and information security management and assurance

Towards Evaluation of Security Assurance during the Software Development Lifecycle

It is difficult to state whether a certain software productis developed securely enough. An evaluation methodology that takes the security assurance methods used during the software development lifecycle into account is one step closer to a solution to this problem. In this paper we discuss our first heuristics for security assurance evaluation that would give guidelines on the trustworthiness of the software development lifecycle. The input for evaluations include the context, expert opinions, outcome of the methods and reputation. Our evaluation heuristics are a step towards being able to deduce about the level of assurance for a software process, compared to a certain context-specific baseline.