[en] Security risk assessment methods are numerous, and it might be confusing for organizations to select one. Researchers have conducted empirical studies with established methods in order to find factors that influence their eff ectiveness and ease of use. In this paper we evaluate the recent TREsPASS semi-automated risk assessment method with respect to the factors identfii ed as critical in several controlled experiments. We also argue that automation of risk assessment raises new research questions that need to be thoroughly investigated in future empirical studies.
Centre de recherche :
Interdisciplinary Centre for Security, Reliability and Trust - SnT
Disciplines :
Sciences informatiques
Auteur, co-auteur :
GADYATSKAYA, Olga ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Labunets, Katsiaryna; University of Trento
Paci, Federica; University of Southampton
Co-auteurs externes :
yes
Langue du document :
Anglais
Titre :
Towards Empirical Evaluation of Automated Risk Assessment Methods
Date de publication/diffusion :
2016
Nom de la manifestation :
The 11th International Conference on Risks and Security of Internet and Systems (CRiSIS)
Date de la manifestation :
from 05-09-2016 to 07-09-2016
Manifestation à portée :
International
Titre de l'ouvrage principal :
Risks and Security of Internet and Systems
Maison d'édition :
Springer
Collection et n° de collection :
LNCS 10158
Peer reviewed :
Peer reviewed
Projet européen :
FP7 - 318003 - TRESPASS - Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security
