validation_of_risk_and_security_requirements_methodologies
Differences
This shows you the differences between two versions of the page.
validation_of_risk_and_security_requirements_methodologies [2017/02/28 13:53] – [Experiments] katsiaryna.labunets@unitn.it | validation_of_risk_and_security_requirements_methodologies [2021/01/29 10:58] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 46: | Line 46: | ||
- Empirical validation of Risk and Security Requirements Methodologies | - Empirical validation of Risk and Security Requirements Methodologies | ||
- | * //The e-RISE challenge// | + | * //The e-RISE challenge// |
- | * //An Experimental Comparison of Tabular vs. Graphical Security Methods//. We have conducted several experiments | + | * [[eRISE 2011]] |
- | - The Role of Catalogues of Threats and Security Controls in Security Risk Assessment. | + | * [[eRISE 2012]] |
- | - Risk Models Comprehension: | + | * [[eRISE 2013]] |
+ | * eRISE 2014 (56 professionals). | ||
+ | * //An Experimental Comparison of Tabular vs. Graphical Security Methods//. We have conducted several experiments | ||
+ | * Fall [[seceng-course-exp-2012|2012]] (28 participants), | ||
+ | * Fall [[seceng-course-exp-2013|2013]] (29 participants), | ||
+ | * Fall 2014 (35 participants), | ||
+ | * Fall 2015 (28 participants). | ||
+ | - The Role of Catalogues of Threats and Security Controls in Security Risk Assessment. | ||
+ | * Jan 2014 with [[winter-schl-exp2014|novices]] | ||
+ | * May 2014 with [[catalogues-rome-2014|practitioners]] | ||
+ | * Nov 2016 we conducted an additional study with novices (40 participants). | ||
+ | - Risk Models Comprehension: | ||
+ | * [[unitn-comprehensibility-exp-2015|Oct 1st, 2014]] in University of Trento, Italy (35 participants), | ||
+ | * [[unitn-comprehensibility-exp-2015|Nov 14th, 2014]] in PUCRS University in Porto Alegre, Brazil (13 participants), | ||
+ | * [[unitn-comprehensibility-exp-2015|Nov 18th, 2014]] in PUCRS University in Porto Alegre, Brazil (27 participants), | ||
+ | * [[unitn-comprehensibility-exp-2015|Sep 16th, 2015]] in Cosenza, Italy at Poste Italiane cyber-security lab (52 participants), | ||
+ | * [[unitn-comprehensibility-exp-2015|Sep 21st, 2015]] in University of Trento, Italy (51 participants), | ||
+ | * [[sid-2015-tutorial|Dec 2nd, 2015]] in Bologna, Italy with ATM professionals (15 participants), | ||
+ | * [[online-comprehensibility-exp-2016|Jan-Feb, | ||
+ | * Sep 21st, 2016 in University of Trento, Italy (35 participants). | ||
+ | - Empirical Evaluation of CVSS Environmental Metrics. | ||
+ | * [[unitn_cvss_env_exp_2016|Nov 2016]] in University of Trento, Italy (29 participants). | ||
Line 71: | Line 92: | ||
==== Publications ==== | ==== Publications ==== | ||
- | * K. Labunets, F. Massacci, F. Paci, S. Marczak, F. Moreira de Oliveira. **Model Comprehension for Security Risk Assessment: An Empirical Comparison of Tabular vs. Graphical Representations** | + | === Working papers === |
+ | * M. de Gramatica, K. Labunets, F. Massacci, F. Paci, M. Ragosta, A. Tedeschi. **On the Effectiveness of Sourcing Knowledge from Catalogues in Security Risk Assessment**. To be submitted to journal. | ||
+ | * K. Labunets, F. Massacci, F. Paci. **An Empirical Comparison of Security Risk Assessment Methods**. To be submitted to journal. | ||
+ | |||
+ | === Published papers === | ||
+ | * K. Labunets, F. Massacci, F. Paci, S. Marczak, F. Moreira de Oliveira. **Model Comprehension for Security Risk Assessment: An Empirical Comparison of Tabular vs. Graphical Representations**. //Empirical Software Engineering// | ||
* K. Labunets, F. Massacci, F. Paci. **On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment**. In // | * K. Labunets, F. Massacci, F. Paci. **On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment**. In // | ||
* K. Labunets, F. Paci, F. Massacci. **Which Security Catalogue Is Better for Novices?** In //Proc. of EmpiRE Workshop at IEEE RE' | * K. Labunets, F. Paci, F. Massacci. **Which Security Catalogue Is Better for Novices?** In //Proc. of EmpiRE Workshop at IEEE RE' |
validation_of_risk_and_security_requirements_methodologies.1488286425.txt.gz · Last modified: 2021/01/29 10:58 (external edit)