This shows you the differences between two versions of the page.
validation_of_risk_and_security_requirements_methodologies [2017/02/28 16:25] katsiaryna.labunets@unitn.it [Experiments] |
validation_of_risk_and_security_requirements_methodologies [2021/01/29 10:58] (current) |
---|---|---|---|
Line 51: | Line 51: | ||
* [[eRISE 2013]] (29 students and 28 professionals), | * [[eRISE 2013]] (29 students and 28 professionals), | ||
* eRISE 2014 (56 professionals). | * eRISE 2014 (56 professionals). | ||
- | * //An Experimental Comparison of Tabular vs. Graphical Security Methods//. We have conducted several experiments on this topic: | + | * //An Experimental Comparison of Tabular vs. Graphical Security Methods//. We have conducted several experiments on this topic in: |
* Fall [[seceng-course-exp-2012|2012]] (28 participants), | * Fall [[seceng-course-exp-2012|2012]] (28 participants), | ||
* Fall [[seceng-course-exp-2013|2013]] (29 participants), | * Fall [[seceng-course-exp-2013|2013]] (29 participants), | ||
* Fall 2014 (35 participants), | * Fall 2014 (35 participants), | ||
* Fall 2015 (28 participants). | * Fall 2015 (28 participants). | ||
- | - The Role of Catalogues of Threats and Security Controls in Security Risk Assessment. On this topic we have conducted three controlled experiments with: | + | - The Role of Catalogues of Threats and Security Controls in Security Risk Assessment. On this topic we have conducted three controlled experiments in: |
* Jan 2014 with [[winter-schl-exp2014|novices]] (18 participants), | * Jan 2014 with [[winter-schl-exp2014|novices]] (18 participants), | ||
* May 2014 with [[catalogues-rome-2014|practitioners]] (15 participants). | * May 2014 with [[catalogues-rome-2014|practitioners]] (15 participants). | ||
* Nov 2016 we conducted an additional study with novices (40 participants). | * Nov 2016 we conducted an additional study with novices (40 participants). | ||
- | - Risk Models Comprehension: An Empirical Comparison of Tabular vs. Graphical Representations ([[unitn-comprehensibility-exp-2015|experiments description]]). We have conducted seven experiments on this topic: | + | - Risk Models Comprehension: An Empirical Comparison of Tabular vs. Graphical Representations. We have conducted seven experiments on this topic on: |
- | * Oct 1st, 2014 in University of Trento, Italy (35 participants), | + | * [[unitn-comprehensibility-exp-2015|Oct 1st, 2014]] in University of Trento, Italy (35 participants), |
- | * Nov 14th, 2014 in PUCRS University in Porto Alegre, Brazil (13 participants), | + | * [[unitn-comprehensibility-exp-2015|Nov 14th, 2014]] in PUCRS University in Porto Alegre, Brazil (13 participants), |
- | * Nov 18th, 2014 in PUCRS University in Porto Alegre, Brazil (27 participants), | + | * [[unitn-comprehensibility-exp-2015|Nov 18th, 2014]] in PUCRS University in Porto Alegre, Brazil (27 participants), |
- | * Sep 16th, 2015 in Cosenza, Italy at Poste Italiane cyber-security lab (52 participants), | + | * [[unitn-comprehensibility-exp-2015|Sep 16th, 2015]] in Cosenza, Italy at Poste Italiane cyber-security lab (52 participants), |
- | * Sep 21st, 2015 in University of Trento, Italy (51 participants), | + | * [[unitn-comprehensibility-exp-2015|Sep 21st, 2015]] in University of Trento, Italy (51 participants), |
- | * Jan-Feb 2016 an online comprehensibility experiment with IT professionals (58 participants), | + | * [[sid-2015-tutorial|Dec 2nd, 2015]] in Bologna, Italy with ATM professionals (15 participants), |
- | * Sep 21st, 2016 in University of Trento, Italy (35 participants), | + | * [[online-comprehensibility-exp-2016|Jan-Feb, 2016]] an online comprehensibility experiment with IT professionals (58 participants), |
+ | * Sep 21st, 2016 in University of Trento, Italy (35 participants). | ||
+ | - Empirical Evaluation of CVSS Environmental Metrics. | ||
+ | * [[unitn_cvss_env_exp_2016|Nov 2016]] in University of Trento, Italy (29 participants). | ||
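Review bot: The new intro line for Risk Models Comprehension still says "seven experiments", but the list under it now has eight entries, because the Dec 2nd, 2015 Bologna session was added without updating the count. Change the number to eight or drop it. The new ending "on this topic on:" also reads awkwardly; the earlier "on this topic:" is enough, since every item already starts with its date. In the same list, the Sep 21st, 2016 entry is the only one left without a link to an experiment page.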
Line 89: | Line 92: | ||
==== Publications ==== | ==== Publications ==== | ||
- | * K. Labunets, F. Massacci, F. Paci, S. Marczak, F. Moreira de Oliveira. **Model Comprehension for Security Risk Assessment: An Empirical Comparison of Tabular vs. Graphical Representations** To appear in //Empirical Software Engineering//. Available at SSRN: [[https://ssrn.com/abstract=2906745]] | + | === Working papers === |
+ | * M. de Gramatica, K. Labunets, F. Massacci, F. Paci, M. Ragosta, A. Tedeschi. **On the Effectiveness of Sourcing Knowledge from Catalogues in Security Risk Assessment**. To be submitted to journal. | ||
+ | * K. Labunets, F. Massacci, F. Paci. **An Empirical Comparison of Security Risk Assessment Methods**. To be submitted to journal. | ||
+ | |||
+ | === Published papers === | ||
+ | * K. Labunets, F. Massacci, F. Paci, S. Marczak, F. Moreira de Oliveira. **Model Comprehension for Security Risk Assessment: An Empirical Comparison of Tabular vs. Graphical Representations**. //Empirical Software Engineering// (2014). Available at SSRN: [[https://ssrn.com/abstract=2906745]] | ||
* K. Labunets, F. Massacci, F. Paci. **On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment**. In //Proceedings of REFSQ'17//. {{:research_activities:experiments:labunets-etal-refsq2017.pdf|Authors' Draft PDF}}. | * K. Labunets, F. Massacci, F. Paci. **On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment**. In //Proceedings of REFSQ'17//. {{:research_activities:experiments:labunets-etal-refsq2017.pdf|Authors' Draft PDF}}. | ||
* K. Labunets, F. Paci, F. Massacci. **Which Security Catalogue Is Better for Novices?** In //Proc. of EmpiRE Workshop at IEEE RE'15.// {{:research_activities:experiments:2014-winter-school:labunets-etal-empire-re15-preprint.pdf|PDF (preprint)}} | * K. Labunets, F. Paci, F. Massacci. **Which Security Catalogue Is Better for Novices?** In //Proc. of EmpiRE Workshop at IEEE RE'15.// {{:research_activities:experiments:2014-winter-school:labunets-etal-empire-re15-preprint.pdf|PDF (preprint)}} |
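Review bot: In the added Published papers entry for the Model Comprehension paper, the year "(2014)" conflicts with the line it replaces, which listed the same paper as "To appear in Empirical Software Engineering" in the 2017/02/28 revision, and with the experiment list for this topic in the first hunk, which runs to Sep 2016. Check the publication year before this goes live. The two Working papers entries say only "To be submitted to journal"; name the target venue or drop the phrase.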