The goal of the experiment is to compare the effect of using domain-general versus domain-specific catalogs of threats and security controls on security risk assessment's actual effectiveness and perception.

During the experiment we distributed among participants two type of questionnaires:

• Pre-task questionnaire to collect some information about participants and thier background: Q1.
• Post-task questionnaire to collect participants' perception of the method and catalogs: Q2.