This shows you the differences between two versions of the page.
winter-schl-exp2014 [2017/02/28 11:21] katsiaryna.labunets@unitn.it |
winter-schl-exp2014 [2017/02/28 13:35] katsiaryna.labunets@unitn.it [Evaluating the Effect of the Catalogs Usage on Security Threats and Controls Identification (Novices)] |
||
---|---|---|---|
Line 2: | Line 2: | ||
====== Evaluating the Effect of the Catalogs Usage on Security Threats and Controls Identification (Novices) ====== | ====== Evaluating the Effect of the Catalogs Usage on Security Threats and Controls Identification (Novices) ====== | ||
- | This page provides additional resources that enable replication of our work published at {{:research_activities:experiments:2014-winter-school:labunets-etal-empire-re15-preprint.pdf|EmpiRE at RE 2015}}. See the [[validation_of_risk_and_security_requirements_methodologies|main page]] for our work on empirical validation of security risk assessment methods and other experiments. | + | This page provides additional resources that enable replication of our work published at {{:research_activities:experiments:2014-winter-school:labunets-etal-empire-re15-preprint.pdf|EmpiRE2015}}. See the [[validation_of_risk_and_security_requirements_methodologies|main page]] for our work on empirical validation of security risk assessment methods and other experiments. |
===== Goals ===== | ===== Goals ===== | ||
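Review bot: The new link label "EmpiRE2015" in the intro sentence no longer says that the workshop was held at RE 2015, which the old label "EmpiRE at RE 2015" did. It also runs the name and year together. Consider a label such as "EmpiRE 2015 (at RE 2015)" so readers can still identify the venue without opening the PDF.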
Line 15: | Line 15: | ||
To conduct security risk assessment the groups used SESAR ATM Security Risk Assessment Method (SecRAM). As an instance of domain-specific catalogues we used the security catalogue developed by EUROCONTROL which come with SecRAM method. As an instance of domain-general catalogues we chose the threats and security controls catalogues of the [[https://www.bsi.bund.de/EN/Topics/ITGrundschutz/ITGrundschutzCatalogues/itgrundschutzcatalogues_node.html|BSI IT-Grundschutz standard]]. | To conduct security risk assessment the groups used SESAR ATM Security Risk Assessment Method (SecRAM). As an instance of domain-specific catalogues we used the security catalogue developed by EUROCONTROL which come with SecRAM method. As an instance of domain-general catalogues we chose the threats and security controls catalogues of the [[https://www.bsi.bund.de/EN/Topics/ITGrundschutz/ITGrundschutzCatalogues/itgrundschutzcatalogues_node.html|BSI IT-Grundschutz standard]]. | ||
- | **The materials related to SecRAM method and EUROCONTROL EATM catalogues are confidential and available upon request.** | + | **The materials related to SecRAM method and EUROCONTROL EATM catalogues are confidential.** |
==== Application Scenario ==== | ==== Application Scenario ==== | ||
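Review bot: With "and available upon request" dropped from the bold notice, the page says the SecRAM and EUROCONTROL EATM materials are confidential but not whether a replicator can obtain them at all. The intro still says the page "enable[s] replication", and the notice about the collected data further down still reads "available upon request". State explicitly that these materials cannot be shared, or whom to contact for them, so the two notices read consistently.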
Line 27: | Line 27: | ||
===== Measurements ===== | ===== Measurements ===== | ||
During the experiment we distributed among participants two type of questionnaires: | During the experiment we distributed among participants two type of questionnaires: | ||
- | * Pre-task questionnaire to collect some information about participants and their background:{{:research_activities:experiments:2014-winter-school:2014-trento-winter-school-q1.pdf|Q1 - Background Questionnaire}}. | + | * Pre-task questionnaire to collect some information about participants and their background:{{:research_activities:experiments:2014-winter-school:2014-trento-winter-school-q1.pdf|Background Questionnaire}}. |
* Post-task questionnaire to collect participants' perception of the method and catalogues: {{:research_activities:experiments:2014-winter-school:2014-trento-winter-school-q2-domcat.pdf|version for domain-specific catalogues}} and {{:research_activities:experiments:2014-winter-school:2014-trento-winter-school-q2-gencat.pdf|domain-general catalogues}}. | * Post-task questionnaire to collect participants' perception of the method and catalogues: {{:research_activities:experiments:2014-winter-school:2014-trento-winter-school-q2-domcat.pdf|version for domain-specific catalogues}} and {{:research_activities:experiments:2014-winter-school:2014-trento-winter-school-q2-gencat.pdf|domain-general catalogues}}. | ||
**Data collected during the experiment are available upon request.** | **Data collected during the experiment are available upon request.** |
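Review bot: The pre-task bullet's label drops "Q1 -", but the linked file is still named "...-q1.pdf" and the post-task files are "...-q2-...", so the label no longer matches the file numbering. Keep the prefix if the paper or the data refer to the questionnaires as Q1 and Q2. The changed line also still lacks a space after "background:" before the link, and the unchanged lead-in reads "two type of questionnaires", which should be "two types".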