This shows you the differences between two versions of the page.
erise [2013/04/05 17:48] federica.paci@unitn.it [Research Question] |
erise [2017/02/28 13:43] katsiaryna.labunets@unitn.it [Research Questions] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== Engineering of Risk and Security Requirement Challenge ==== | + | ===== eRISE Challenge ==== |
- | The eRISE challenge is a series of empirical studies that aim to compare security engineering methods. Two editions of eRISE challenge has been held [[eRISE 2011]] and [[eRISE 2012]].The organization of the third edition [[eRISE 2013]] is currently ongoing. | + | The eRISE (engineering RIsks and SEcurity Requirements) challenge is a series of empirical studies that aim to compare security engineering methods sponsored by [[http://www.nessos-project.eu|NESSoS]] European Project and [[http://www.eitictlabs.eu|EIT ICT Labs]]. Three editions of eRISE challenge has been held [[eRISE 2011]], [[eRISE 2012]], and [[eRISE 2013]]. See the [[validation_of_risk_and_security_requirements_methodologies|main page]] for our work on empirical validation of security risk assessment methods and other experiments. |
- | //"The idea of eRISE challenge is to bring together methods designers, practitioners and students, and try them to apply the security methods and see if they really work." --- Fabio Massacci// | + | The idea of eRISE challenge is to bring together researchers, young students and practitioners to understand if security methods are effective and what features determine their effectiveness. |
+ | |||
+ | With eRISE we want to be able to tell whether "//it is not a method to find security recommendations..//", or at least "//it helps us to represent the model but does not help in finding solution//", or hopefully "//it helps to find out specific security requirement//." (quoting some of the participants of our experiments). | ||
**eRISE provides method designer with**: | **eRISE provides method designer with**: | ||
- | * Empirical evaluation and Benchmarking of security engineering methods; | + | * Empirical evaluation and benchmarking of security engineering methods; |
- | * Knowledge of how and why participants intend to adopt a method; | + | * Understand if the proposed method works in practice |
- | * Feedback to improve a security method by investigating strengths, weakness and limitations of the method. | + | * Feedback to improve a security method by investigating its strengths, weakness and limitations. |
**eRISE aims to provide the participants with the benefit of:** | **eRISE aims to provide the participants with the benefit of:** | ||
* Knowledge about various state-of-the art methods in the research field, on analyzing security risks and requirements of a system; | * Knowledge about various state-of-the art methods in the research field, on analyzing security risks and requirements of a system; | ||
- | * Opportunity to participate and work on an international collaborative project remotely. | + | * Opportunity to participate and work in international collaborative project. |
- | + | ==== Research Questions ==== | |
- | ==== Research Question ==== | + | |
- | * **RQ1**//Are security requirements and risk methods effective when applied by someone different than their own inventor?// | + | * **RQ1** //Are security requirements and risk methods effective when applied by someone different than their own inventor?// |
* **RQ2** //Why are the methods effective? Why they are not?// | * **RQ2** //Why are the methods effective? Why they are not?// | ||
- | Effectiveness means that a method assists the analyst to produce high quality security requirements with less time and less effort. | + | A method is //effective// when it assists the analyst to produce high quality security requirements with less time and less effort. |
==== Research Approach ==== | ==== Research Approach ==== | ||
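Review bot: The rewritten intro sentence on the `+` side has a subject-verb disagreement and lacks an article and a colon: "Three editions of eRISE challenge has been held [[eRISE 2011]], ..." should read "Three editions of the eRISE challenge have been held: [[eRISE 2011]], [[eRISE 2012]], and [[eRISE 2013]]." In the same paragraph, "sponsored by" attaches to "security engineering methods" rather than to the studies; moving the sponsorship clause next to "empirical studies" removes the ambiguity. In the method-designer list, the replacement bullet "Understand if the proposed method works in practice" is a verb phrase among noun-phrase items and drops the trailing semicolon its neighbours keep. In the participants list, "work in international collaborative project" needs "an". The page heading still opens with five `=` and closes with four on both sides, so it is worth balancing while the line is being changed. The new definition of //effective// keeps "with less time and less effort" without saying less than what; naming the baseline (for example, compared with not using the method) would make RQ1 testable as worded.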