Evaluating the Effect of the Catalogs Usage on Security Threats and Controls Identification
The goal of the experiment is to compare the effect of using domain-general versus domain-specific catalogs of threats and security controls on security risk assessment's actual effectiveness and perception.
Supplement Materials
During the experiment we distributed among participants two type of questionnaires:
Pre-task questionnaire to collect some information about participants and thier background: Q1.
Post-task questionnaire to collect participants' perception of the method and catalogs: Q2.