Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels

Katsiaryna Labunets, Fabio Massacci, Alessandra Tedeschi

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

4 Citations (Scopus)
39 Downloads (Pure)

Abstract

Security risk assessment methods in industry mostly use a tabular notation to represent the assessment results whilst academic works advocate graphical methods. Experiments with MSc students showed that the tabular notation is better than an iconic graphical notation for the comprehension of security risks. [Aim] We investigate whether the availability of textual labels and terse UML-style notation could improve comprehensibility. [Method] We report the results of an online comprehensibility experiment involving 61 professionals with an average of 9 years of working experience, in which we compared the ability to comprehend security risk assessments represented in tabular, UML-style with textual labels, and iconic graphical modeling notations. [Results] Tabular notation are still the most comprehensible notion in both recall and precision. However, the presence of textual labels does improve the precision and recall of participants over iconic graphical models. [Conclusion] Tabular representation better supports extraction of correct information of both simple and complex comprehensibility questions about security risks than the graphical notation but textual labels help.
Original languageEnglish
Title of host publicationProceedings of the 11th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017
PublisherIEEE
Pages267-276
Number of pages10
DOIs
Publication statusPublished - 2017
EventACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017 - Toronto, Canada
Duration: 9 Nov 201710 Nov 2017
Conference number: 11
http://www.scs.ryerson.ca/eseiw2017/ESEM/index.html

Conference

ConferenceACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017
Abbreviated titleESEM
CountryCanada
CityToronto
Period9/11/1710/11/17
Internet address

Keywords

  • Cognitive fit
  • Comprehensibility
  • Empirical study
  • Risk modeling
  • Security risk assessment

Fingerprint Dive into the research topics of 'Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels'. Together they form a unique fingerprint.

Cite this