A first empirical evaluation framework for security risk assessment methods in the ATM domain

K. Labunets, F. Massacci, F. Paci, M. Ragosta, B. Solhaug, K. Stølen, A. Tedeschi

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

Abstract

Evaluation and validation methodologies are integral parts of Air Traffic Management (ATM). They are well understood for safety, environmental and other business cases for which operational validation guidelines exist which are well defined and widely used. In contrast, there are no accepted methods to evaluate and compare the effectiveness of risk assessment practices for security. The EMFASE project aims to address this gap by providing an innovative framework to compare and evaluate in a qualitative and quantitative manner risk assessment methods for security in ATM. This paper presents the initial version of the framework and the results of the experiments we conducted to compare and assess security risk assessment methods in ATM. The results indicate that participants better perceive graphical methods for security risk assessment. In addition, the use of domain-specific catalogues of threats and security controls seems to have a significant effect on the perceived usefulness of the methods.
Original languageEnglish
Title of host publicationSIDs 2014 - Proceedings of the SESAR Innovation Days
EditorsD. Schaefer
PublisherEurocontrol
ISBN (Print)9782874970771
Publication statusPublished - 2014
Externally publishedYes
Event4th SESAR Innovation Days - Madrid, Spain
Duration: 25 Nov 201427 Nov 2014

Publication series

NameSIDs 2014 - Proceedings of the SESAR Innovation Days

Conference

Conference4th SESAR Innovation Days
CountrySpain
CityMadrid
Period25/11/1427/11/14

Fingerprint Dive into the research topics of 'A first empirical evaluation framework for security risk assessment methods in the ATM domain'. Together they form a unique fingerprint.

Cite this