Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels

Katsiaryna Labunets; Fabio Massacci; Alessandra Tedeschi

doi:10.1109/ESEM.2017.40

Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels

Katsiaryna Labunets, Fabio Massacci, Alessandra Tedeschi

Safety and Security Science

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

4 Citations (Scopus)

39 Downloads (Pure)

Abstract

Security risk assessment methods in industry mostly use a tabular notation to represent the assessment results whilst academic works advocate graphical methods. Experiments with MSc students showed that the tabular notation is better than an iconic graphical notation for the comprehension of security risks. [Aim] We investigate whether the availability of textual labels and terse UML-style notation could improve comprehensibility. [Method] We report the results of an online comprehensibility experiment involving 61 professionals with an average of 9 years of working experience, in which we compared the ability to comprehend security risk assessments represented in tabular, UML-style with textual labels, and iconic graphical modeling notations. [Results] Tabular notation are still the most comprehensible notion in both recall and precision. However, the presence of textual labels does improve the precision and recall of participants over iconic graphical models. [Conclusion] Tabular representation better supports extraction of correct information of both simple and complex comprehensibility questions about security risks than the graphical notation but textual labels help.

Original language	English
Title of host publication	Proceedings of the 11th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017
Publisher	IEEE
Pages	267-276
Number of pages	10
DOIs	https://doi.org/10.1109/ESEM.2017.40
Publication status	Published - 2017
Event	ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017 - Toronto, Canada Duration: 9 Nov 2017 → 10 Nov 2017 Conference number: 11 http://www.scs.ryerson.ca/eseiw2017/ESEM/index.html

Conference

Conference	ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017
Abbreviated title	ESEM
Country	Canada
City	Toronto
Period	9/11/17 → 10/11/17
Internet address	http://www.scs.ryerson.ca/eseiw2017/ESEM/index.html

Keywords

Cognitive fit
Comprehensibility
Empirical study
Risk modeling
Security risk assessment

Access to Document

10.1109/ESEM.2017.40

SSRN_id3025473Accepted author manuscript, 524 KB

http://resolver.tudelft.nl/uuid:1e5aebdd-cfae-4745-9751-463be738dd7b

Fingerprint Dive into the research topics of 'Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels'. Together they form a unique fingerprint.

4 Citations
1 Conference contribution

No Search Allowed: What Risk Modeling Notation to Choose?
Labunets, K., 2018, International Symposium on Empirical Software Engineering and Measurement. 12 ed. IEEE / ACM, 10 p.
Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review
3 Citations (Scopus)

Cite this

@inproceedings{1e5aebddcfae47459751463be738dd7b,

title = "Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels",

abstract = "Security risk assessment methods in industry mostly use a tabular notation to represent the assessment results whilst academic works advocate graphical methods. Experiments with MSc students showed that the tabular notation is better than an iconic graphical notation for the comprehension of security risks. [Aim] We investigate whether the availability of textual labels and terse UML-style notation could improve comprehensibility. [Method] We report the results of an online comprehensibility experiment involving 61 professionals with an average of 9 years of working experience, in which we compared the ability to comprehend security risk assessments represented in tabular, UML-style with textual labels, and iconic graphical modeling notations. [Results] Tabular notation are still the most comprehensible notion in both recall and precision. However, the presence of textual labels does improve the precision and recall of participants over iconic graphical models. [Conclusion] Tabular representation better supports extraction of correct information of both simple and complex comprehensibility questions about security risks than the graphical notation but textual labels help.",

keywords = "Cognitive fit, Comprehensibility, Empirical study, Risk modeling, Security risk assessment",

author = "Katsiaryna Labunets and Fabio Massacci and Alessandra Tedeschi",

note = "Accepted Author Manuscript; ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017, ESEM ; Conference date: 09-11-2017 Through 10-11-2017",

year = "2017",

doi = "10.1109/ESEM.2017.40",

language = "English",

pages = "267--276",

booktitle = "Proceedings of the 11th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017",

publisher = "IEEE ",

address = "United States",

url = "http://www.scs.ryerson.ca/eseiw2017/ESEM/index.html",

}

Labunets, K, Massacci, F & Tedeschi, A 2017, Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels. in Proceedings of the 11th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017. IEEE , pp. 267-276, ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017, Toronto, Canada, 9/11/17. https://doi.org/10.1109/ESEM.2017.40

Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels. / Labunets, Katsiaryna; Massacci, Fabio; Tedeschi, Alessandra.

Proceedings of the 11th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017. IEEE , 2017. p. 267-276.

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels

AU - Labunets, Katsiaryna

AU - Massacci, Fabio

AU - Tedeschi, Alessandra

N1 - Conference code: 11

PY - 2017

Y1 - 2017

N2 - Security risk assessment methods in industry mostly use a tabular notation to represent the assessment results whilst academic works advocate graphical methods. Experiments with MSc students showed that the tabular notation is better than an iconic graphical notation for the comprehension of security risks. [Aim] We investigate whether the availability of textual labels and terse UML-style notation could improve comprehensibility. [Method] We report the results of an online comprehensibility experiment involving 61 professionals with an average of 9 years of working experience, in which we compared the ability to comprehend security risk assessments represented in tabular, UML-style with textual labels, and iconic graphical modeling notations. [Results] Tabular notation are still the most comprehensible notion in both recall and precision. However, the presence of textual labels does improve the precision and recall of participants over iconic graphical models. [Conclusion] Tabular representation better supports extraction of correct information of both simple and complex comprehensibility questions about security risks than the graphical notation but textual labels help.

AB - Security risk assessment methods in industry mostly use a tabular notation to represent the assessment results whilst academic works advocate graphical methods. Experiments with MSc students showed that the tabular notation is better than an iconic graphical notation for the comprehension of security risks. [Aim] We investigate whether the availability of textual labels and terse UML-style notation could improve comprehensibility. [Method] We report the results of an online comprehensibility experiment involving 61 professionals with an average of 9 years of working experience, in which we compared the ability to comprehend security risk assessments represented in tabular, UML-style with textual labels, and iconic graphical modeling notations. [Results] Tabular notation are still the most comprehensible notion in both recall and precision. However, the presence of textual labels does improve the precision and recall of participants over iconic graphical models. [Conclusion] Tabular representation better supports extraction of correct information of both simple and complex comprehensibility questions about security risks than the graphical notation but textual labels help.

KW - Cognitive fit

KW - Comprehensibility

KW - Empirical study

KW - Risk modeling

KW - Security risk assessment

UR - http://resolver.tudelft.nl/uuid:1e5aebdd-cfae-4745-9751-463be738dd7b

U2 - 10.1109/ESEM.2017.40

DO - 10.1109/ESEM.2017.40

M3 - Conference contribution

SP - 267

EP - 276

BT - Proceedings of the 11th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017

PB - IEEE

T2 - ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017

Y2 - 9 November 2017 through 10 November 2017

ER -

Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels

Abstract

Conference

Keywords

Access to Document

No Search Allowed: What Risk Modeling Notation to Choose?

Cite this