validation_of_risk_and_security_requirements_methodologies

Differences

This shows you the differences between two versions of the page.

validation_of_risk_and_security_requirements_methodologies [2017/02/28 15:25]
katsiaryna.labunets@unitn.it [Experiments]
validation_of_risk_and_security_requirements_methodologies [2021/01/29 10:58] (current)
Line 51: Line 51:
       * [[eRISE 2013]] (29 students and 28 professionals), ​       * [[eRISE 2013]] (29 students and 28 professionals), ​
       * eRISE 2014 (56 professionals). ​       * eRISE 2014 (56 professionals). ​
-    * //An Experimental Comparison of Tabular vs. Graphical Security Methods//. We have conducted several experiments on this topic:+    * //An Experimental Comparison of Tabular vs. Graphical Security Methods//. We have conducted several experiments on this topic in:
       * Fall [[seceng-course-exp-2012|2012]] (28 participants), ​       * Fall [[seceng-course-exp-2012|2012]] (28 participants), ​
       * Fall [[seceng-course-exp-2013|2013]] (29 participants), ​       * Fall [[seceng-course-exp-2013|2013]] (29 participants), ​
       * Fall 2014 (35 participants), ​       * Fall 2014 (35 participants), ​
       * Fall 2015 (28 participants).       * Fall 2015 (28 participants).
-  - The Role of Catalogues of Threats and Security Controls in Security Risk Assessment. On this topic we have conducted three controlled experiments ​with:+  - The Role of Catalogues of Threats and Security Controls in Security Risk Assessment. On this topic we have conducted three controlled experiments ​in:
       * Jan 2014 with [[winter-schl-exp2014|novices]] (18 participants),​       * Jan 2014 with [[winter-schl-exp2014|novices]] (18 participants),​
       * May 2014 with [[catalogues-rome-2014|practitioners]] (15 participants). ​       * May 2014 with [[catalogues-rome-2014|practitioners]] (15 participants). ​
       * Nov 2016 we conducted an additional study with novices (40 participants).       * Nov 2016 we conducted an additional study with novices (40 participants).
-  - Risk Models Comprehension:​ An Empirical Comparison of Tabular vs. Graphical Representations ​([[unitn-comprehensibility-exp-2015|experiments description]]). We have conducted seven experiments on this topic: +  - Risk Models Comprehension:​ An Empirical Comparison of Tabular vs. Graphical Representations. We have conducted seven experiments on this topic on
-      * Oct 1st, 2014 in University of Trento, Italy (35 participants),​ +      * [[unitn-comprehensibility-exp-2015|Oct 1st, 2014]] in University of Trento, Italy (35 participants),​ 
-      * Nov 14th, 2014 in PUCRS University in Porto Alegre, Brazil (13 participants),​ +      * [[unitn-comprehensibility-exp-2015|Nov 14th, 2014]] in PUCRS University in Porto Alegre, Brazil (13 participants),​ 
-      * Nov 18th, 2014 in PUCRS University in Porto Alegre, Brazil (27 participants),​ +      * [[unitn-comprehensibility-exp-2015|Nov 18th, 2014]] in PUCRS University in Porto Alegre, Brazil (27 participants),​ 
-      * Sep 16th, 2015 in Cosenza, Italy at Poste Italiane cyber-security lab (52 participants),​ +      * [[unitn-comprehensibility-exp-2015|Sep 16th, 2015]] in Cosenza, Italy at Poste Italiane cyber-security lab (52 participants),​ 
-      * Sep 21st, 2015 in University of Trento, Italy (51 participants),​ +      * [[unitn-comprehensibility-exp-2015|Sep 21st, 2015]] in University of Trento, Italy (51 participants),​ 
-      * Jan-Feb 2016 was conducted ​online comprehensibility experiment with IT professionals (58 participants),​ +      * [[sid-2015-tutorial|Dec 2nd, 2015]] in Bologna, Italy with ATM professionals (15 participants),​ 
-      * Sep 21st, 2016 in University of Trento, Italy (35 participants),​+      * [[online-comprehensibility-exp-2016|Jan-Feb,  ​2016]] an online comprehensibility experiment with IT professionals (58 participants),​ 
 +      * Sep 21st, 2016 in University of Trento, Italy (35 participants)
 +  - Empirical Evaluation of CVSS Environmental Metrics. 
 +      * [[unitn_cvss_env_exp_2016|Nov 2016]] in University of TrentoItaly (29 participants).
  
  
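Review bot: the new lead-in for Risk Models Comprehension still says "seven experiments", but with the added Dec 2nd, 2015 Bologna entry the list beneath it now has eight items; update the count or drop it. That line also now ends "on this topic on" with no colon, unlike the "in:" used for the two items above it. In the new CVSS Environmental Metrics entry, "University of TrentoItaly" has lost its comma and space, and the item has no lead-in sentence like its siblings.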
Line 89: Line 92:
  
 ==== Publications ==== ==== Publications ====
-   * K. Labunets, F. Massacci, F. Paci, S. Marczak, F. Moreira de Oliveira. **Model Comprehension for Security Risk Assessment: An Empirical Comparison of Tabular vs. Graphical Representations** ​To appear in //Empirical Software Engineering//​. Available at SSRN: [[https://​ssrn.com/​abstract=2906745]]+=== Working papers === 
 +  * M. de Gramatica, K. Labunets, F. Massacci, F. Paci, M. Ragosta, A. Tedeschi. **On the Effectiveness of Sourcing Knowledge from Catalogues in Security Risk Assessment**. To be submitted to journal. 
 +  * K. Labunets, F. Massacci, F. Paci. **An Empirical Comparison of Security Risk Assessment Methods**. To be submitted to journal. 
 + 
 +=== Published papers === 
 +   * K. Labunets, F. Massacci, F. Paci, S. Marczak, F. Moreira de Oliveira. **Model Comprehension for Security Risk Assessment: An Empirical Comparison of Tabular vs. Graphical Representations**//Empirical Software Engineering// ​(2014). Available at SSRN: [[https://​ssrn.com/​abstract=2906745]]
   * K. Labunets, F. Massacci, F. Paci. **On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment**. In //​Proceedings of REFSQ'​17//​. {{:​research_activities:​experiments:​labunets-etal-refsq2017.pdf|Authors'​ Draft PDF}}.   * K. Labunets, F. Massacci, F. Paci. **On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment**. In //​Proceedings of REFSQ'​17//​. {{:​research_activities:​experiments:​labunets-etal-refsq2017.pdf|Authors'​ Draft PDF}}.
   * K. Labunets, F. Paci, F. Massacci. **Which Security Catalogue Is Better for Novices?** In //Proc. of EmpiRE Workshop at IEEE RE'​15.//​ {{:​research_activities:​experiments:​2014-winter-school:​labunets-etal-empire-re15-preprint.pdf|PDF (preprint)}}   * K. Labunets, F. Paci, F. Massacci. **Which Security Catalogue Is Better for Novices?** In //Proc. of EmpiRE Workshop at IEEE RE'​15.//​ {{:​research_activities:​experiments:​2014-winter-school:​labunets-etal-empire-re15-preprint.pdf|PDF (preprint)}}
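Review bot: the "(2014)" added after //Empirical Software Engineering// on the Model Comprehension entry conflicts with the rest of the page: the line it replaces, from the 2017/02/28 revision, still read "To appear in", and the experiments listed for this topic run to Sep 2016. Check the year against the journal record before keeping it. The same line also drops the separator between the closing ** of the title and the journal name, so restore ". " there as the other entries have it.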
validation_of_risk_and_security_requirements_methodologies.1488295504.txt.gz · Last modified: 2021/01/29 10:58 (external edit)