DocumentCode :
1798741
Title :
An experiment on comparing textual vs. visual industrial methods for security risk assessment
Author :
Labunets, Katsiaryna ; Paci, Federica ; Massacci, F. ; Ruprai, Raminder
Author_Institution :
DISI, Univ. of Trento, Trento, Italy
fYear :
2014
fDate :
25-25 Aug. 2014
Firstpage :
28
Lastpage :
35
Abstract :
Many security risk assessment methods have been proposed both from academia and industry. However, little empirical evaluation has been done to investigate how these methods are effective in practice. In this paper we report a controlled experiment that we conducted to compare the effectiveness and participants' perception of visual versus textual methods for security risk assessment used in industry. As instances of the methods we selected CORAS, a method by SINTEF used to provide security risk assessment consulting services, and SecRAM, a method by EUROCONTROL used to conduct security risk assessment within air traffic management. The experiment involved 29 MSc students who applied both methods to an application scenario from the Smart Grid domain. The dependent variables were effectiveness of the methods measured as number of specific threats and security controls identified, and perception of the methods measured through post-task questionnaires based on the Technology Acceptance Model. The experiment shows that while there is no difference in the actual effectiveness of the two methods, the visual method is better perceived by the participants.
Keywords :
power engineering computing; power system security; risk management; security of data; smart power grids; CORAS; EUROCONTROL; SINTEF; SecRAM; application scenario; effectiveness comparison; participant perception; security controls; security risk assessment consulting services; security risk assessment method; security threats; smart grid domain; technology acceptance model; textual industrial method; visual industrial method; Analysis of variance; Educational institutions; Interviews; Risk management; Security; Smart grids; Visualization; controlled experiment; security risk assessment methods; technology acceptance model;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Empirical Requirements Engineering (EmpiRE), 2014 IEEE Fourth International Workshop on
Conference_Location :
Karlskrona
Type :
conf
DOI :
10.1109/EmpiRE.2014.6890113
Filename :
6890113