validation_of_risk_and_security_requirements_methodologies
Differences
This shows you the differences between two versions of the page.
validation_of_risk_and_security_requirements_methodologies [2017/02/28 13:50] – [Experiments] katsiaryna.labunets@unitn.it | validation_of_risk_and_security_requirements_methodologies [2017/04/22 23:18] – [Experiments] katsiaryna.labunets@unitn.it | ||
---|---|---|---|
Line 46: | Line 46: | ||
- Empirical validation of Risk and Security Requirements Methodologies | - Empirical validation of Risk and Security Requirements Methodologies | ||
- | * **The e-RISE challenge**. eRISE is an annual challenge that aims to compare the effectiveness of academic methods for the elicitation and analysis of threats and security requirements and investigate why these methods are effective. | + | * //The e-RISE challenge//. eRISE is an annual challenge that aims to compare the effectiveness of academic methods for the elicitation and analysis of threats and security requirements and investigate why these methods are effective. |
- | * An Experimental Comparison of Two Risk-Based | + | * [[eRISE 2011]] |
- | - The Role of Catalogues of Threats and Security Controls in Security Risk Assessment. | + | * [[eRISE 2012]] |
- | - Risk Models Comprehension: | + | * [[eRISE 2013]] |
+ | * eRISE 2014 (56 professionals). | ||
+ | * //An Experimental Comparison of Tabular vs. Graphical | ||
+ | * Fall [[seceng-course-exp-2012|2012]] (28 participants), | ||
+ | * Fall [[seceng-course-exp-2013|2013]] (29 participants), | ||
+ | * Fall 2014 (35 participants), | ||
+ | * Fall 2015 (28 participants). | ||
+ | - The Role of Catalogues of Threats and Security Controls in Security Risk Assessment. | ||
+ | * Jan 2014 with [[winter-schl-exp2014|novices]] | ||
+ | * May 2014 with [[catalogues-rome-2014|practitioners]] | ||
+ | * Nov 2016 we conducted an additional study with novices (40 participants). | ||
+ | - Risk Models Comprehension: | ||
+ | * [[unitn-comprehensibility-exp-2015|Oct 1st, 2014]] in University of Trento, Italy (35 participants), | ||
+ | * [[unitn-comprehensibility-exp-2015|Nov 14th, 2014]] in PUCRS University in Porto Alegre, Brazil (13 participants), | ||
+ | * [[unitn-comprehensibility-exp-2015|Nov 18th, 2014]] in PUCRS University in Porto Alegre, Brazil (27 participants), | ||
+ | * [[unitn-comprehensibility-exp-2015|Sep 16th, 2015]] in Cosenza, Italy at Poste Italiane cyber-security lab (52 participants), | ||
+ | * [[unitn-comprehensibility-exp-2015|Sep 21st, 2015]] in University of Trento, Italy (51 participants), | ||
+ | * [[sid-2015-tutorial|Dec 2nd, 2015]] in Bologna, Italy with ATM professionals (15 participants), | ||
+ | * [[online-comprehensibility-exp-2016|Jan-Feb, | ||
+ | * Sep 21st, 2016 in University of Trento, Italy (35 participants). | ||
+ | - Empirical Evaluation of CVSS Environmental Metrics. | ||
+ | * [[nov_2016|Nov 2016]] in University of Trento, Italy (29 participants). | ||
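Review bot: In the added "Risk Models Comprehension" sub-list, the three 2014 sessions (Oct 1st, Nov 14th, Nov 18th) and the two Sep 2015 sessions all link to the same target, `unitn-comprehensibility-exp-2015`. Confirm that one page really covers both years, or give the 2014 entries their own target so the label and the page name agree. Linking is also uneven across the new entries: eRISE 2014, Fall 2014, Fall 2015, the Nov 2016 catalogue study and the Sep 21st, 2016 session are plain text while their siblings are `[[...]]` links, so a reader cannot tell whether those pages are missing or intentionally omitted.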
Line 71: | Line 92: | ||
==== Publications ==== | ==== Publications ==== | ||
- | * K. Labunets, F. Massacci, F. Paci, S. Marczak, F. Moreira de Oliveira. **Model Comprehension for Security Risk Assessment: An Empirical Comparison of Tabular vs. Graphical Representations** | + | === Working papers === |
+ | * M. de Gramatica, K. Labunets, F. Massacci, F. Paci, M. Ragosta, A. Tedeschi. **On the Effectiveness of Sourcing Knowledge from Catalogues in Security Risk Assessment**. To be submitted to journal. | ||
+ | * K. Labunets, F. Massacci, F. Paci. **An Empirical Comparison of Security Risk Assessment Methods**. To be submitted to journal. | ||
+ | |||
+ | === Published papers === | ||
+ | * K. Labunets, F. Massacci, F. Paci, S. Marczak, F. Moreira de Oliveira. **Model Comprehension for Security Risk Assessment: An Empirical Comparison of Tabular vs. Graphical Representations**. //Empirical Software Engineering// | ||
* K. Labunets, F. Massacci, F. Paci. **On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment**. In // | * K. Labunets, F. Massacci, F. Paci. **On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment**. In // | ||
* K. Labunets, F. Paci, F. Massacci. **Which Security Catalogue Is Better for Novices?** In //Proc. of EmpiRE Workshop at IEEE RE' | * K. Labunets, F. Paci, F. Massacci. **Which Security Catalogue Is Better for Novices?** In //Proc. of EmpiRE Workshop at IEEE RE' |
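Review bot: Both entries under the new "Working papers" heading end with "To be submitted to journal", which names no venue or date and will go stale silently. Suggest a status that can be checked, such as "In preparation" with the month and year, and move each entry under "Published papers" once it has a venue, in the same form as the "Model Comprehension" entry, which now names its journal.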
validation_of_risk_and_security_requirements_methodologies.txt · Last modified: 2021/01/29 10:58 by 127.0.0.1