Research output per year
Research output per year
Abstract
[Background] Industry relies on the use of tabular notations to document the risk assessment results, while academia encourages to use graphical notations. Previous studies revealed that tabular and graphical notations with textual labels provide better support for extracting correct information about security risks in comparison to iconic graphical notation. [Aim] In this study we examine how well tabular and graphical risk modeling notations support extraction and memorization of information about risks when models cannot be searched. [Method] We present results of two experiments with 60 MSc and 31 BSc students where we compared their performance in extraction and memorization of security risk models in tabular, UML-style and iconic graphical modeling notations. [Result] Once search is restricted, tabular notation demonstrates results similar to the iconic graphical notation in information extraction. In memorization task tabular and graphical notations showed equivalent results, but it is statistically significant only between two graphical notations. [Conclusion] Three notations provide similar support to decision-makers when they need to extract and remember correct information about security risks.
| Original language | English |
|---|---|
| Title of host publication | International Symposium on Empirical Software Engineering and Measurement |
| Publisher | IEEE / ACM |
| Number of pages | 10 |
| Edition | 12 |
| DOIs | |
| Publication status | Published - 2018 |
Keywords
- Cyber security risk assesssment
- Cyber risk modeling
- Comprehension
- Memorization
- Controlled experiment
Fingerprint
Dive into the research topics of 'No Search Allowed: What Risk Modeling Notation to Choose?'. Together they form a unique fingerprint.Research output
- 4 Citations
- 1 Conference contribution
-
Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels
Labunets, K., Massacci, F. & Tedeschi, A., 2017, Proceedings of the 11th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2017. IEEE, p. 267-276 10 p.Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review
Open AccessFile6 Citations (Scopus)188 Downloads (Pure)
Datasets
-
Data underlying the research on "Comprehensibility of Tabular and Graphical Risk Model Representations: Results of Two Controlled Experiments"
Labunets, K. (Creator), TU Delft - 4TU.ResearchData, 26 Jun 2019
DOI: 10.4121/UUID:0A6D32EA-A93F-4C2F-AC1E-CDEE73DA021B
Dataset/Software: Dataset
Projects
- 1 Active
-
Cybersecurity (TPM)
van Eeten, M. J. G., Hernandez Ganan, C., Gürses, F. S., van Wegberg, R. S., Parkin, S. E., Zhauniarovich, Y., van Engelenburg, S. H., Kadenko, N. I., Labunets, K., Akyazi, U., Bouwman, X. B., Jansen, B. A., Kaur, M., Al Alsadi, A., Lone, Q. B., Turcios Rodriguez, E. R., Vermeer, M., van Harten, V. T. C., Vetrivel, S., Oomens, E. (. C. )., Kustosch, L. F., Bisogni, F., Ciere, M., Fiebig, T., Korczynski, M. T., Moreira Moura, G. C., Noroozian, A., Pieters, W., Tajalizadehkhoob, S., Dacier, B. H. A., San José Sanchez, J., Çetin, F. O. & Zannettou, S.
1/01/10 → …
Project: Research