Research output per year
Research output per year
Abstract
Security risk assessment methods in industry mostly use a tabular notation to represent the assessment results whilst academic works advocate graphical methods. Experiments with MSc students showed that the tabular notation is better than an iconic graphical notation for the comprehension of security risks. [Aim] We investigate whether the availability of textual labels and terse UML-style notation could improve comprehensibility. [Method] We report the results of an online comprehensibility experiment involving 61 professionals with an average of 9 years of working experience, in which we compared the ability to comprehend security risk assessments represented in tabular, UML-style with textual labels, and iconic graphical modeling notations. [Results] Tabular notation are still the most comprehensible notion in both recall and precision. However, the presence of textual labels does improve the precision and recall of participants over iconic graphical models. [Conclusion] Tabular representation better supports extraction of correct information of both simple and complex comprehensibility questions about security risks than the graphical notation but textual labels help.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 11th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017 |
| Publisher | IEEE |
| Pages | 267-276 |
| Number of pages | 10 |
| DOIs | |
| Publication status | Published - 2017 |
| Event | ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017 - Toronto, Canada Duration: 9 Nov 2017 → 10 Nov 2017 Conference number: 11 http://www.scs.ryerson.ca/eseiw2017/ESEM/index.html |
Conference
| Conference | ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017 |
|---|---|
| Abbreviated title | ESEM |
| Country/Territory | Canada |
| City | Toronto |
| Period | 9/11/17 → 10/11/17 |
| Internet address |
Bibliographical note
Accepted Author ManuscriptKeywords
- Cognitive fit
- Comprehensibility
- Empirical study
- Risk modeling
- Security risk assessment
Fingerprint
Dive into the research topics of 'Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels'. Together they form a unique fingerprint.Research output
- 5 Citations
- 1 Conference contribution
-
No Search Allowed: What Risk Modeling Notation to Choose?
Labunets, K., 2018, International Symposium on Empirical Software Engineering and Measurement. 12 ed. IEEE / ACM, 10 p.Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review
4 Citations (Scopus)
Projects
- 1 Active
-
Cybersecurity (TPM)
van Eeten, M. J. G., Hernandez Ganan, C., Gürses, F. S., van Wegberg, R. S., Parkin, S. E., Zhauniarovich, Y., van Engelenburg, S. H., Kadenko, N. I., Labunets, K., Akyazi, U., Bouwman, X. B., Jansen, B. A., Kaur, M., Al Alsadi, A., Lone, Q. B., Turcios Rodriguez, E. R., Vermeer, M., van Harten, V. T. C., Vetrivel, S., Oomens, E. C., Kustosch, L. F., Bisogni, F., Ciere, M., Fiebig, T., Korczynski, M. T., Moreira Moura, G. C., Noroozian, A., Pieters, W., Tajalizadehkhoob, S., Dacier, B. H. A., San José Sanchez, J., Çetin, F. O. & Zannettou, S.
1/01/10 → …
Project: Research