On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment
Authors
Abstract
[Context] Many security risk assessment methods are proposed both in academia (typically with a graphical notation) and in industry (typically with a tabular notation). [Question] We compare methods based on these two notations with respect to their actual and perceived efficacy when both groups are equipped with a domain-specific security catalogue (as is typically available in industry risk assessments). [Results] Two controlled experiments with MSc students in computer science show that tabular and graphical methods are (statistically) equivalent in the quality of identified threats and security controls. In the first experiment the perceived efficacy of the tabular method was slightly better than that of the graphical one, and in the second experiment the two methods were perceived as equivalent. [Contribution] A graphical notation does not by itself warrant better (security) requirements elicitation than a tabular notation in terms of the quality of the requirements actually identified.
Similar sources
EEH: AGGH-like public key cryptosystem over the eisenstein integers using polynomial representations
The GGH class of public-key cryptosystems relies for its security on computational problems based on the closest vector problem (CVP) in lattices. The subject of lattice-based cryptography is very active and there have recently been new ideas that revolutionized the field. We present EEH, a GGH-like public key cryptosystem based on the Eisenstein integers Z[ζ3], where ζ3 is a primitive...
Derivative Meaning in Graphical Representations
This paper reports on the phenomenon that may be called “derivative meaning,” where the basic semantic conventions for certain graphical representation systems give rise to additional informational relations between features of representations and features of the represented. We will discuss several examples of graphical systems, such as the systems of scatter plots, data maps, and tabular repr...
A posteriori Disclosure Risk Measure for Tabular Data Based on Conditional Entropy
Statistical database protection, also known as Statistical Disclosure Control (SDC), is a part of information security that tries to prevent published statistical information (tables, individual records) from disclosing the contribution of specific respondents. This paper deals with the assessment of the disclosure risk associated with the release of tabular data. So-called sensitivity rules are...
Results and Lessons Learned from a User Study of Display Effectiveness with Experienced Cyber Security Network Analysts
Background. Visualization tools have been developed for various network analysis tasks for Computer Network Defense (CND) analysts, yet there are few empirical studies in the domain of cyber security that validate the efficacy of various graphical constructions with respect to enhancing analysts’ situation awareness. Aim. The aim of this study is to empirically evaluate the utility of graphical...
A Framework for Risk Assessment of Intentional Fires
Background & Objectives: It is not possible to live without using fire. However, fire can destroy human property in a short time. One of the most important types of fire is intentional fire. In recent years, this type of fire has become a great problem for insurance companies, fire departments, industries, government and business. This study aimed to provide a framework for risk assess...
Publication date: 2017