This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
catalogues-rome-2014 [2017/02/28 12:17] katsiaryna.labunets@unitn.it created |
catalogues-rome-2014 [2021/01/29 10:58] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== The Role of Catalogues of Threats and Security Controls in Security Risk Assessment: An Empirical Study with ATM Professionals ====== | ====== The Role of Catalogues of Threats and Security Controls in Security Risk Assessment: An Empirical Study with ATM Professionals ====== | ||
- | This page provides additional resources that enable replication of our work published at {{:research_activities:experiments:2014-rome-deepblue:gramatica-etal-refsq2015.pdf|REFSQ 2015}}. See the [[validation_of_risk_and_security_requirements_methodologies|main page]] for our work on empirical validation of security risk assessment methods and other experiments. | + | This page provides additional resources that enable replication of our work published at {{:research_activities:experiments:2014-rome-deepblue:gramatica-etal-refsq2015.pdf|REFSQ2015}}. See the [[validation_of_risk_and_security_requirements_methodologies|main page]] for our work on empirical validation of security risk assessment methods and other experiments. |
===== Goals ===== | ===== Goals ===== | ||
Line 14: | Line 14: | ||
To conduct security risk assessment the groups used SESAR ATM Security Risk Assessment Method (SecRAM). As an instance of domain-specific catalogues we used the security catalogue developed by EUROCONTROL which come with SecRAM method. As an instance of domain-general catalogues we chose the threats and security controls catalogues of the [[https://www.bsi.bund.de/EN/Topics/ITGrundschutz/ITGrundschutzCatalogues/itgrundschutzcatalogues_node.html|BSI IT-Grundschutz standard]]. | To conduct security risk assessment the groups used SESAR ATM Security Risk Assessment Method (SecRAM). As an instance of domain-specific catalogues we used the security catalogue developed by EUROCONTROL which come with SecRAM method. As an instance of domain-general catalogues we chose the threats and security controls catalogues of the [[https://www.bsi.bund.de/EN/Topics/ITGrundschutz/ITGrundschutzCatalogues/itgrundschutzcatalogues_node.html|BSI IT-Grundschutz standard]]. | ||
- | The materials related to SecRAM method and EUROCONTROL EATM catalogues are confidential and available upon request. | + | **The materials related to SecRAM method and EUROCONTROL EATM catalogues are confidential.** |
==== Application Scenario ==== | ==== Application Scenario ==== |