No Search Allowed: What Risk Modeling Notation to Choose?

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

3 Citations (Scopus)

Abstract

[Background] Industry relies on tabular notations to document risk assessment results, while academia encourages the use of graphical notations. Previous studies revealed that tabular and graphical notations with textual labels provide better support for extracting correct information about security risks than iconic graphical notation does.
[Aim] In this study we examine how well tabular and graphical risk modeling notations support extraction and memorization of information about risks when models cannot be searched.
[Method] We present results of two experiments with 60 MSc and 31 BSc students where we compared their performance in extraction and memorization of security risk models in tabular, UML-style and iconic graphical modeling notations.
[Result] Once search is restricted, tabular notation demonstrates results similar to the iconic graphical notation in information extraction. In the memorization task, tabular and graphical notations showed equivalent results, but this is statistically significant only between the two graphical notations.
[Conclusion] Three notations provide similar support to decision-makers when they need to extract and remember correct information about security risks.
Original language: English
Title of host publication: International Symposium on Empirical Software Engineering and Measurement
Publisher: IEEE / ACM
Number of pages: 10
Edition: 12
Publication status: Published - 2018

Keywords

  • Cyber security risk assessment
  • Cyber risk modeling
  • Comprehension
  • Memorization
  • Controlled experiment

  • Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels

    Labunets, K., Massacci, F. & Tedeschi, A., 2017, Proceedings of the 11th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017. IEEE, p. 267-276, 10 p.

    Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

    Open Access
    4 Citations (Scopus)