This shows you the differences between two versions of the page.
experiment_description [2014/01/08 21:15] federica.paci@unitn.it [Experimental Design] |
experiment_description [2021/01/29 10:58] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | |||
- | ====== An experiment on the effect of using a catalog of security requirements on elicitation effectiveness ====== | ||
- | |||
- | ==== Research Questions and Hypotheses Formulation ==== | ||
- | |||
- | The main research questions of the experiment are the following: | ||
- | | ||
- | |||
- | * **RQ1**: //Does the use of a catalog of security requirements lead to identify more security requirements?// | ||
- | |||
- | * **RQ2** //Is participants' perception of using a catalog of security requirements in | ||
- | security requirements elicitation better than not using it?// | ||
- | |||
- | |||
- | RQ1 concerns the //effectiveness// of | ||
- | security requirements elicitation. To | ||
- | answer the research question we will measure //effectiveness// by | ||
- | counting the number of security requirements identified | ||
- | by the participants. | ||
- | The data analysis for RQ1 will be done using the Mann-Whitney test. | ||
- | Only security requirements specific for the scenario analyzed | ||
- | by the participants will be considered for statistical analysis. | ||
- | |||
- | |||
- | RQ2 is related to the participants' //perception// of using | ||
- | the catalog of security requirements in eliciting security requirements. | ||
- | Participants' perception will be measured through a post-task questionnaire | ||
- | inspired to the Technology Acceptance Model (TAM). | ||
- | The data analysis for RQ2 will be done using the Mann-Whitney test. | ||
- | |||
- | The null hypotheses coming from the research questions are the following: | ||
- | |||
- | H1_0 //There will be no difference in the number of security requirements found with a catalog of security requirements and the one found without//. | ||
- | |||
- | H2_0 //There will be no difference in the participants' perception of eliciting | ||
- | security requirement with a catalog of security requirements and without.// | ||
- | |||
- | |||
- | ==== Experimental Design ==== | ||
- | |||
- | Participants to our experiment should have a background in | ||
- | security and at least two years experience in security | ||
- | requirements elicitation. A between-subject design will be used where | ||
- | the participants will be randomly | ||
- | assigned to two groups denoted as G1 and G2. | ||
- | The participants in G1 will identify security requirements | ||
- | for an advanced metering infrastructure scenario with the use | ||
- | of catalog of security requirements. The participants | ||
- | in G2 will have to identify security | ||
- | requirements for the same scenario but without | ||
- | the support of the catalog. The scenario focuses on a private household | ||
- | where a smart meter is installed which records consumption of electric energy and | ||
- | communicates this information daily back to the utility for monitoring and | ||
- | billing purposes. | ||
- | ==== Experimental Procedure ==== |
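Review bot: every line from the page title through the end of the Experimental Design paragraph is removed, and the right-hand column shows nothing in its place. This leaves the "Experimental Procedure" heading with no preceding statement of RQ1/RQ2, the null hypotheses H1_0 and H2_0, or the G1/G2 group assignment. The 2021/01/29 revision header carries no author or edit summary, unlike the 2014/01/08 one. If the removal is intended, record the reason in the summary and link to where the design description now lives. Otherwise restore the removed sections.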