Dalarna University's logo and link to the university's website

du.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • chicago-author-date
  • chicago-note-bibliography
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Thrifty Guardians: Overcoming the Challenges of Establishing Security Champions on a Limited Budget
Dalarna University, School of Information and Engineering, Microdata Analysis.ORCID iD: 0000-0001-6327-3565
2023 (English)In: 2023 49th Euromicro Conference on Software Engineering and Advanced Applications (SEAA), IEEE, 2023, p. 207-214Conference paper, Published paper (Refereed)
Abstract [en]

In this case study conducted over a six-months period where a Security Champions team was established, and an additional month for the remaining data collection and analysis, we explore the challenges and strategies in forming and sustaining a Security Champion team in a mid-size software engineering organization, given a very limited budget. Our research questions focus on identifying the main challenges and key success strategies when establishing such a team, to enable security awareness, competence and focus, with cost-efficient approaches. The chosen research methodology consisted of an exploratory case study, involving 11 Security Champion team members and two key stakeholders. A mixed-method approach was used, collecting data via semi-structured interviews and an online self-assessment survey, further processed with structural coding to identify key success factors and challenges. Our study shows that it is possible to establish a Security Champion team on a strictly limited budget, given the following identified key success factors: the team leader possesses prior experience with the concept, the team have short but frequent meetings, there is buy-in from management, team members, and other security organizations, and there are enough situations where the Champions can apply their skills. However, challenges persist, including lack of clear goals, unclear prioritization, lack of internal support, lack of buy-in from other security organizations and efficient ways to utilize the Champions’ skills within their teams. This study contributes by identifying key success factors and challenges to mitigate, for organizations looking to establish a Security Champion team with limited resources.

Place, publisher, year, edition, pages
IEEE, 2023. p. 207-214
Keywords [en]
security champions, security challenges, software development, cybersecurity, it management
National Category
Information Systems
Identifiers
URN: urn:nbn:se:du-47796DOI: 10.1109/SEAA60479.2023.00039Scopus ID: 2-s2.0-85183326836OAI: oai:DiVA.org:du-47796DiVA, id: diva2:1826585
Conference
49th Euromicro Conference on Software Engineering and Advanced Applications (SEAA), 06-08 September 2023, Durres, Albania
Available from: 2024-01-11 Created: 2024-01-11 Last updated: 2024-02-05Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Salin, Hannes

Search in DiVA

By author/editor
Salin, Hannes
By organisation
Microdata Analysis
Information Systems

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 44 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • chicago-author-date
  • chicago-note-bibliography
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf