TY - GEN
T1 - Preliminary experiments on the relative comprehensibility of tabular and graphical risk models
AU - Labunets, K.
AU - Li, Y.
AU - Massacci, F.
AU - Paci, F.
AU - Ragosta, M.
AU - Solhaug, B.
AU - Stølen, K.
AU - Tedeschid, A.
PY - 2015
Y1 - 2015
N2 - The ATM SESAR projects have invested a significant effort to define, besides tabular representations, graphical modeling notations to capture ATM architectural elements. A key question is whether this is worth the effort for security risk assessment. It is important to understand which representation provides better comprehension of threats, vulnerabilities, security countermeasures, as well as the relationships between them. In this paper we present a preliminary study on the comprehensibility of two risk modeling notations, involving students from Trento and Oslo universities. In particular, we assessed the effect of using graphical or tabular modeling notation on the actual comprehension of security risk models. The subjects were asked to answer eight comprehension questions about the risk assessment concepts (like threats, vulnerabilities or controls) represented using graphical or tabular notation. The results of the data analysis show no significant difference in actual comprehension. Further studies are required to strengthen the statistical significance and to investigate the extent to which the findings are relevant for more general contexts.
AB - The ATM SESAR projects have invested a significant effort to define, besides tabular representations, graphical modeling notations to capture ATM architectural elements. A key question is whether this is worth the effort for security risk assessment. It is important to understand which representation provides better comprehension of threats, vulnerabilities, security countermeasures, as well as the relationships between them. In this paper we present a preliminary study on the comprehensibility of two risk modeling notations, involving students from Trento and Oslo universities. In particular, we assessed the effect of using graphical or tabular modeling notation on the actual comprehension of security risk models. The subjects were asked to answer eight comprehension questions about the risk assessment concepts (like threats, vulnerabilities or controls) represented using graphical or tabular notation. The results of the data analysis show no significant difference in actual comprehension. Further studies are required to strengthen the statistical significance and to investigate the extent to which the findings are relevant for more general contexts.
M3 - Conference contribution
T3 - SESAR Innovation Days
BT - 5th SESAR Innovation Days: Inspiring Long-Term Research in the Field of Air Traffic Management, SIDs 2015
A2 - Schaefer, D.
PB - IADIS
T2 - 5th SESAR Innovation Days, SIDs 2015
Y2 - 1 December 2015 through 3 December 2015
ER -