Evaluate Security as an Innovation

  • Shamal Faily


This chapter presents the paradigm of Security Entrepreneurship: the application of innovation models and principles to organise, create, and manage security design elements to bring about improved system security. I begin by introducing some tenets from the innovation literature, before introducing four sample Security Entrepreneurship techniques, and illustrating each with a working example. Finally, the consequences of this paradigm are discussed, and I propose research directions for the mainstream introduction of Security Entrepreneurship for security design.



Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Department of Computing & Informatics, Bournemouth University, Poole, Dorset, UK
