An experiment on comparing textual vs. visual industrial methods for security risk assessment