experiment_description

Differences

This shows you the differences between two versions of the page.

experiment_description [2014/01/08 21:15]
federica.paci@unitn.it [Experimental Design]
experiment_description [2021/01/29 10:58] (current)
Line 3: Line 3:
 ====== An experiment on the effect of using a catalog of security requirements on elicitation effectiveness ====== ====== An experiment on the effect of using a catalog of security requirements on elicitation effectiveness ======
  
 +The goal of the experiment we want to conduct following the goal/​question/​metric (GQM) template is investigating the use of a catalog of security requirements with the purpose of understanding if the use of a catalog has an effect on the effectiveness of eliciting security requirements from the point of view of security requirements engineers. The context of the experiment consists of security requirements engineers who identify a list of security requirements for an advanced metering infrastructure scenario from the Smart Grid domain. ​
 ==== Research Questions and Hypotheses Formulation ==== ==== Research Questions and Hypotheses Formulation ====
  
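Review bot: The added goal paragraph packs the whole GQM statement into one sentence, and its opening ("The goal of the experiment we want to conduct following the goal/question/metric (GQM) template is investigating ...") leaves unclear whether the template governs the experiment or only the wording of the goal. Suggest splitting it along the template's parts: object of study (the catalog of security requirements), purpose (understanding whether it has an effect), focus (effectiveness of eliciting security requirements), viewpoint (security requirements engineers), and context (the advanced metering infrastructure scenario). The paragraph also sits directly above the "Research Questions and Hypotheses Formulation" heading with no blank line between them.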
Line 8: Line 9:
   ​   ​
  
-* **RQ1**: //Does the use of a catalog of security requirements lead to identify more security requirements?//​+  ​* **RQ1**: //Does the use of a catalog of security requirements lead to identify more security requirements?//​
  
-* **RQ2** //Is participants'​ perception of using a catalog of security requirements in+  ​* **RQ2**//Is participants'​ perception of using a catalog of security requirements in
 security requirements elicitation better than not using it?// security requirements elicitation better than not using it?//
  
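Review bot: The new RQ2 bullet is inconsistent with RQ1 in the same hunk: RQ1 reads "**RQ1**: //Does ..." while RQ2 becomes "**RQ2**//Is ...", which drops the space the old line had and still lacks the colon. Suggest "  * **RQ2**: //Is participants' perception ...". The question text also continues on an unindented context line ("security requirements elicitation better than not using it?//"), so check that it still renders inside the list item now that the first half is a bullet; joining the question onto one line avoids the problem.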
Line 32: Line 33:
 The null hypotheses coming from the research questions are the following: The null hypotheses coming from the research questions are the following:
  
-H1_0 //There will be no difference in the number of security requirements found with a catalog of security requirements and the one found without//.+  * **H1**: ​//There will be no difference in the number of security requirements found with a catalog of security requirements and the one found without//.
  
-H2_0 //There will be no difference in the participants'​ perception of eliciting+  * **H2**: ​//There will be no difference in the participants'​ perception of eliciting
 security requirement with a catalog of security requirements and without.// security requirement with a catalog of security requirements and without.//
- 
  
 ==== Experimental Design ==== ==== Experimental Design ====
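Review bot: Relabelling "H1_0" and "H2_0" as "**H1**" and "**H2**" removes the marker that these are null hypotheses, and the sentence just above still introduces them as "The null hypotheses". Readers will usually take plain H1/H2 to mean the alternative hypotheses, so suggest keeping the null subscript in the new bullets, for example "**H1_0**" and "**H2_0**". As with the research questions, the second half of H2 stays on an unindented context line below the new bullet and may fall outside the list item when rendered.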
Line 55: Line 55:
 billing purposes. billing purposes.
 ==== Experimental Procedure ==== ==== Experimental Procedure ====
 +
 +  * **Training**. All participants are provided with a four pages tutorial on the advanced metering infrastructure scenario and are administered a demographic questionnaire about their education level, security requirements engineering experience, and industry experience. ​
 +  * **Application**. All participants are provided with a table listing assets and possible threats for the advanced metering infrastructure scenario. Participants in group G1 receive a printed copy of the SANS Institute Catalog of Critical Security Controls for Cyber Defence. Each participant in group G1 fill in the table with security requirements protecting the assets from identified threats with the support of the SANS Institute Catalog of Critical Security Controls for Cyber Defence. Each participants in group G2 perform the same task without the catalog support. All participants perform the work individually.
 +  * **Evaluation**. Participants fill in the post-task questionnaire about their perception of the use of a security requirements catalog.
 +
 +We will allocate 20 minutes for the Training phase, 50 minutes for 
 +the Application phase, and 10 minutes for the Evaluation phase.
 +The experiment should be conducted in a closed room with no Internet connection to not disturb
 +the participants. Printing facilities for the researchers ​
 +conducting the experiment should be provided at the conference.
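Review bot: In the Evaluation step, "Participants fill in the post-task questionnaire about their perception of the use of a security requirements catalog" applies to everyone, but the Application step says group G2 works "without the catalog support", so it is unclear what G2 participants are reporting on. Suggest stating what each group is asked, since the perception hypothesis compares eliciting with and without the catalog. The no-Internet requirement is justified only as "to not disturb the participants"; it is also what keeps G2 from consulting a catalog during the task, and that reason is worth stating. Smaller wording points in the same hunk: "four pages tutorial", "Each participant in group G1 fill in", "Each participants in group G2 perform", and "at the conference", which the rest of the visible text does not introduce.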
experiment_description.1389212116.txt.gz · Last modified: 2021/01/29 10:58 (external edit)