Preliminary experiments on the relative comprehensibility of tabular and graphical risk models

K. Labunets, Y. Li, F. Massacci, F. Paci, M. Ragosta, B. Solhaug, K. Stølen, A. Tedeschid

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

Abstract

The ATM SESAR projects have invested a significant effort to define, besides tabular representations, graphical modeling notations to capture ATM architectural elements. A key question is whether this is worth the effort for security risk assessment. It is important to understand which representation provides better comprehension of threats, vulnerabilities, security countermeasures, as well as the relationships between them. In this paper we present a preliminary study on the comprehensibility of two risk modeling notations, involving students from Trento and Oslo universities. In particular, we assessed the effect of using graphical or tabular modeling notation on the actual comprehension of security risk models. The subjects were asked to answer eight comprehension questions about the risk assessment concepts (like threats, vulnerabilities or controls) represented using graphical or tabular notation. The results of the data analysis show no significant difference in actual comprehension. Further studies are required to strengthen the statistical significance and to investigate the extent to which the findings are relevant for more general contexts.
Original languageEnglish
Title of host publication5th SESAR Innovation Days: Inspiring Long-Term Research in the Field of Air Traffic Management, SIDs 2015
EditorsD. Schaefer
PublisherIADIS
Publication statusPublished - 2015
Externally publishedYes
Event5th SESAR Innovation Days, SIDs 2015 - Bologna, Italy
Duration: 1 Dec 20153 Dec 2015

Publication series

NameSESAR Innovation Days
ISSN (Electronic)0770-1268

Conference

Conference5th SESAR Innovation Days, SIDs 2015
Country/TerritoryItaly
CityBologna
Period1/12/153/12/15

Fingerprint

Dive into the research topics of 'Preliminary experiments on the relative comprehensibility of tabular and graphical risk models'. Together they form a unique fingerprint.

Cite this