Date Added: Sep 2010
When designing secure systems, the authors are inundated with an eclectic mix of security and non-security requirements; this makes predicting a successful outcome from the universe of possible security design decisions a difficult problem. They propose augmenting the process of security design with the paradigm of security entrepreneurship: the application of innovation models and principles to organise, create, and manage security design elements to bring about improved system security. They propose three initial Security Entrepreneurship techniques as examples of this paradigm, describe how their underlying models align with secure systems design, and help predict the social and technical impact of possible design decisions. They also pose a number of thought experiments, and suggest possible research agendas for security entrepreneurship.