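% Workshop paper (EmpiRE 2015): controlled experiment comparing domain-specific
% and domain-general catalogues of threats and security controls in a security
% risk assessment carried out by novices (18 MSc students).
% Cleanup notes:
%  - The exporter had copied the proceedings title into both series and
%    booktitle; the duplicate series field is dropped so styles do not print
%    the title twice.
%  - Authors are in "Last, First" form; only initials were available in the export.
%  - address holds a country rather than the publisher's city -- TODO confirm.
%  - year/month/day give the publication date; the workshop itself took place
%    on 24-08-2015 (see note).
@inproceedings{7d4e33e95d2844109ee5fa591eb3e2d0,
  author    = {Labunets, K. and Paci, F. and Massacci, F.},
  title     = {Which security catalogue is better for novices?},
  booktitle = {5th International Workshop on Empirical Requirements Engineering, {EmpiRE} 2015 - Proceedings},
  pages     = {25--32},
  publisher = {Institute of Electrical and Electronics Engineers Inc.},
  address   = {United States},
  year      = {2016},
  month     = mar,
  day       = {10},
  doi       = {10.1109/EmpiRE.2015.7431304},
  isbn      = {9781509001163},
  language  = {English},
  note      = {5th International Workshop on Empirical Requirements Engineering, {EmpiRE} 2015 ; Conference date: 24-08-2015},
  abstract  = {{\textcopyright} 2015 IEEE. Several catalogues of security threats and controls have been proposed to help organizations in identifying critical risks and improve their risk posture against real world threats. But the role that these catalogues play in a security risk assessment has not yet been investigated. In this paper we report an experiment with 18 MSc students conducted to compare the effect of using domain-specific and domain-general catalogues of threats and security controls on the actual efficacy and perception of a security risk assessment method. The experimental results show that there is no difference in the actual efficacy of the method when applied with the two types of catalogues. In contrast, the perceived usefulness of the method is higher for the participants who have used the domain-specific catalogues. In addition, the domain-specific catalogues are perceived as easier to use by the participants.},
}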