Title :
Experiences from using indicators to validate expert judgments in security risk analysis
Author :
Ligaarden, O.S. ; Refsdal, A. ; Stolen, K.
Author_Institution :
Dept. for Networked Syst. & Services, SINTEF ICT, Oslo, Norway
Abstract :
Expert judgments are often used to estimate likelihood values in a security risk analysis. These judgments are subjective and their correctness rely on the competence, training, and experience of the experts. Thus, there is a need to validate the correctness of the values obtained from expert judgments. In this paper we investigate to what extent indicators based on historical data may be used to validate likelihood values obtained from expert judgments. We report on experiences from a security risk analysis where indicators were used to validate likelihood values obtained from expert judgments. The experiences build on data collected during the analysis and on semi-structured interviews with the client experts that participated in the analysis.
Keywords :
risk analysis; security of data; client experts; expert judgment validation; historical data; likelihood values estimation; security risk analysis; Education; Electronic mail; Information security; Interviews; Proposals; Risk analysis; expert judgment; indicator; security risk analysis;
Conference_Titel :
Security Measurements and Metrics (Metrisec), 2011 Third International Workshop on
Conference_Location :
Banff, AB
Print_ISBN :
978-1-4673-1245-5
DOI :
10.1109/Metrisec.2011.13
