The Role of Catalogues of Threats and Security Controls in Security Risk Assessment: An Empirical Study with ATM Professionals

Authors: Martina de Gramatica, Katsiaryna Labunets, Fabio Massacci, Federica Paci and Alessandra Tedeschi
[Context and motivation] To remedy the lack of security expertise, industrial security risk assessment methods come with catalogues of threats and security controls. [Question/problem] We investigate in both qualitative and quantitative terms whether the use of catalogues of threats and security controls has an effect on the actual and perceived effectiveness of a security risk assessment method. In particular, we assessed the effect of using domain-specific versus domain-general catalogues on… 

Which security catalogue is better for novices?

An experiment with 18 MSc students, conducted to compare the effect of using domain-specific and domain-general catalogues of threats and security controls on the actual efficacy and perception of a security risk assessment method, shows that there is no difference in the actual efficacy of the method when applied with the two types of catalogues.

Systematic Treatment of Security Risks during Requirements Engineering

This work proposes a stepwise method that allows selecting and documenting suitable countermeasures, i.e. controls, during requirements engineering that can be used as input for the design phase, thus helping to create an architecture that considers security right from the beginning.

Evaluating the degree of security of a system built using security patterns

A metric for the security of systems that have been built using security patterns is proposed, which performs threat enumeration, checks if the patterns in the product have stopped the threats, and calculates the coverage of these threats by the patterns.

Model comprehension for security risk assessment: an empirical comparison of tabular vs. graphical representations

The experimental results show that tabular risk models are more effective than the graphical ones with respect to simple comprehension tasks and in some cases are more effective for complex comprehension tasks.

Assessing ICT Security Risks in Socio-Technical Systems (Dagstuhl Seminar 16461)

This report documents the program and the outcomes of Dagstuhl Seminar 16461 “Assessing ICT Security Risks in Socio-Technical Systems”, which searched for novel security risk assessment methods that integrate different types of socio-technical security metrics.

On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment

This work compares methods based on those two notations with respect to their actual and perceived efficacy when both groups are equipped with a domain-specific security catalogue.

Identifying the implied: Findings from three differentiated replications on the use of security requirements templates

Qualitative findings indicate that participants may be able to differentiate between relevant and extraneous template suggestions and may be more inclined to fill in the templates with additional support, supporting the findings of the original study.

An Experimental Approach for Estimating Cyber Risk: a Proposal Building upon Cyber Ranges and Capture the Flags

This work proposes a novel experimental approach for estimating the risk of compromise based on experimental data, as opposed to observational data, by leveraging cyber ranges and capture the flag exercises.

Online and offline classification of traces of event logs on the basis of security risks

In this framework, the operation/activity mapping is encoded probabilistically, and the behavioral rules are expressed in terms of precedence/causality constraints over the activities, grouped into mandatory, highly recommended, and recommended requirements.

An experiment on comparing textual vs. visual industrial methods for security risk assessment

A controlled experiment is conducted to compare the effectiveness and participants' perception of visual versus textual methods for security risk assessment used in industry and shows that while there is no difference in the actual effectiveness of the two methods, the visual method is better perceived by the participants.

An Experimental Comparison of Two Risk-Based Security Methods

The main findings were that the visual method is more effective for identifying threats than the textual one, while the textual method is slightly more effective for eliciting security requirements.

A descriptive study of Microsoft’s threat modeling technique

STRIDE is evaluated via a descriptive study that involved 57 students in the last year of their master's in computer science, to assess how many valid threats per hour are produced on average and the correctness of the analysis results.

SP 800-30. Risk Management Guide for Information Technology Systems

Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. Organizations use risk assessment, the first step in the risk management

Recommended Security Controls for Federal Information Systems

This guideline is consistent with the requirements of the Federal Information Security Management Act of 2002 and Homeland Security Presidential Directive #12 and has been prepared for use by federal agencies.

Experimental Comparison of Two Safety Analysis Methods and Its Replication

A comparison of CFT and FT with regard to the capabilities of the safety analysis methods and to the participants' rating of the consistency, clarity, and maintainability of the methods concludes that CFT has the potential to be beneficial for companies looking for a safety analysis approach for projects using model-based development.

Knowledge for Software Security

These are the kinds of security knowledge that can provide a solid foundation for software security practices and play a central role in encapsulating and spreading the emerging discipline more efficiently.

Assessing a requirements evolution approach: Empirical studies in the Air Traffic Management domain

A family of empirical studies about the applicability and usefulness of an approach for modeling evolving requirements in complex industrial settings such as the ones in the ATM domain demonstrated the usefulness of the approach.