[en] Security risk assessment methods are numerous, and it might be confusing for organizations to select one. Researchers have conducted empirical studies with established methods in order to find factors that influence their eff ectiveness and ease of use. In this paper we evaluate the recent TREsPASS semi-automated risk assessment method with respect to the factors identfii ed as critical in several controlled experiments. We also argue that automation of risk assessment raises new research questions that need to be thoroughly investigated in future empirical studies.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust - SnT
Disciplines :
Computer science
Author, co-author :
GADYATSKAYA, Olga ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Labunets, Katsiaryna; University of Trento
Paci, Federica; University of Southampton
External co-authors :
yes
Language :
English
Title :
Towards Empirical Evaluation of Automated Risk Assessment Methods
Publication date :
2016
Event name :
The 11th International Conference on Risks and Security of Internet and Systems (CRiSIS)
Event date :
from 05-09-2016 to 07-09-2016
Audience :
International
Main work title :
Risks and Security of Internet and Systems
Publisher :
Springer
Collection name :
LNCS 10158
Peer reviewed :
Peer reviewed
European Projects :
FP7 - 318003 - TRESPASS - Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security
