The ATM SESAR projects have invested a significant effort to define, besides tabular representations, graphical modeling notations to capture ATM architectural elements. A key question is whether this is worth the effort for security risk assessment. It is important to understand which representation provides better comprehension of threats, vulnerabilities, security countermeasures, as well as the relationships between them. In this paper we present a preliminary study on the comprehensibility of two risk modeling notations, involving students from Trento and Oslo universities. In particular, we assessed the effect of using graphical or tabular modeling notation on the actual comprehension of security risk models. The subjects were asked to answer eight comprehension questions about the risk assessment concepts (like threats, vulnerabilities or controls) represented using graphical or tabular notation. The results of the data analysis show no significant difference in actual comprehen...
Preliminary experiments on the relative comprehensibility of tabular and graphical risk models / Labunets, K.; Li, Y.; Massacci, F.; Paci, F.; Ragosta, M.; Solhaug, B.; Stølen, K.; Tedeschi, A.. - (2015). ( 5th SESAR Innovation Days, SIDs 2015 Laboratori delle Arti of Universita di Bolognavia Azzo Gardino 65/aBologna; Italy; 1 December 2015 through 3 December 2015).
Preliminary experiments on the relative comprehensibility of tabular and graphical risk models
Labunets K.;Massacci F.;Paci F.;Tedeschi A.
2015-01-01
Abstract
The ATM SESAR projects have invested a significant effort to define, besides tabular representations, graphical modeling notations to capture ATM architectural elements. A key question is whether this is worth the effort for security risk assessment. It is important to understand which representation provides better comprehension of threats, vulnerabilities, security countermeasures, as well as the relationships between them. In this paper we present a preliminary study on the comprehensibility of two risk modeling notations, involving students from Trento and Oslo universities. In particular, we assessed the effect of using graphical or tabular modeling notation on the actual comprehension of security risk models. The subjects were asked to answer eight comprehension questions about the risk assessment concepts (like threats, vulnerabilities or controls) represented using graphical or tabular notation. The results of the data analysis show no significant difference in actual comprehen...| File | Dimensione | Formato | |
|---|---|---|---|
|
Preleminary....pdf
Solo gestori archivio
Tipologia:
Versione editoriale (Publisher’s layout)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
756.47 kB
Formato
Adobe PDF
|
756.47 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione
