The goal of the experiment is to compare the effect of using domain-general versus domain-specific catalogs of threats and security controls on security risk assessment's actual effectiveness and perception. See the main page for our work on empirical validation of security risk assessment methods and other experiments.

During the experiment we distributed among participants two type of questionnaires:

• Pre-task questionnaire to collect some information about participants and thier background:Q1.
• Post-task questionnaire to collect participants' perception of the method and catalogues: Q2 .