ArgueSecure: Out-of-the-box Risk Assessment

Dan Ionita; Roeland Kegel; Andrei Baltuta; Roel Wieringa

doi:10.1109/REW.2016.027

ArgueSecure: Out-of-the-box Risk Assessment

Dan Ionita, Roeland Kegel, Andrei Baltuta, Roel Wieringa

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Most established security risk assessment methodologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate. As an alternative, we have previously proposed argumentation-based risk assessment. In this paper, based on practitioner feedback, we introduce the latest iteration of this method accompanied by two dedicated tools: an online, collaborative web-portal and an offline version. We focus on the lessons learned in iteratively developing and evaluating these tools and the underlying framework. This new framework -- called ArgueSecure -- focuses on graphically modelling the risk landscape as a collapsible tree. This tree structure intuitively encodes argument traces, therefore maintaining traceability of the results and providing insight into the decision process.

Original language	English
Title of host publication	Proceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)
Place of Publication	Piscataway, NJ
Publisher	IEEE Computer Society
Pages	74-79
Number of pages	6
ISBN (Print)	978-1-5090-3694-3
DOIs	https://doi.org/10.1109/REW.2016.027
Publication status	Published - Sep 2016
Event	2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE) - Beijing, China Duration: 12 Sep 2016 → 12 Sep 2016

Workshop

Workshop	2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)
Period	12/09/16 → 12/09/16
Other	12 Sept 2016

Keywords

EC Grant Agreement nr.: FP7/318003
EC Grant Agreement nr.: FP7/2007-2013

Access to Document

10.1109/REW.2016.027

Cite this

@inproceedings{12c7221e3ab94b47856d05c8c130faab,

title = "ArgueSecure: Out-of-the-box Risk Assessment",

abstract = "Most established security risk assessment methodologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate. As an alternative, we have previously proposed argumentation-based risk assessment. In this paper, based on practitioner feedback, we introduce the latest iteration of this method accompanied by two dedicated tools: an online, collaborative web-portal and an offline version. We focus on the lessons learned in iteratively developing and evaluating these tools and the underlying framework. This new framework -- called ArgueSecure -- focuses on graphically modelling the risk landscape as a collapsible tree. This tree structure intuitively encodes argument traces, therefore maintaining traceability of the results and providing insight into the decision process.",

keywords = "EC Grant Agreement nr.: FP7/318003, EC Grant Agreement nr.: FP7/2007-2013",

author = "Dan Ionita and Roeland Kegel and Andrei Baltuta and Roel Wieringa",

note = "Foreground = 100% ; Type of activity = Conference; Main leader = UT; Type of audience = Scientific community; Size of audience = 10; Countries addressed = International;; 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE) ; Conference date: 12-09-2016 Through 12-09-2016",

year = "2016",

month = sep,

doi = "10.1109/REW.2016.027",

language = "English",

isbn = "978-1-5090-3694-3",

pages = "74--79",

booktitle = "Proceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)",

publisher = "IEEE Computer Society",

address = "United States",

}

Ionita, D, Kegel, R, Baltuta, A & Wieringa, R 2016, ArgueSecure: Out-of-the-box Risk Assessment. in Proceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE). IEEE Computer Society, Piscataway, NJ, pp. 74-79, 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), 12/09/16. https://doi.org/10.1109/REW.2016.027

ArgueSecure: Out-of-the-box Risk Assessment. / Ionita, Dan; Kegel, Roeland; Baltuta, Andrei; Wieringa, Roel.

Proceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE). Piscataway, NJ : IEEE Computer Society, 2016. p. 74-79.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - ArgueSecure: Out-of-the-box Risk Assessment

AU - Ionita, Dan

AU - Kegel, Roeland

AU - Baltuta, Andrei

AU - Wieringa, Roel

N1 - Foreground = 100% ; Type of activity = Conference; Main leader = UT; Type of audience = Scientific community; Size of audience = 10; Countries addressed = International;

PY - 2016/9

Y1 - 2016/9

N2 - Most established security risk assessment methodologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate. As an alternative, we have previously proposed argumentation-based risk assessment. In this paper, based on practitioner feedback, we introduce the latest iteration of this method accompanied by two dedicated tools: an online, collaborative web-portal and an offline version. We focus on the lessons learned in iteratively developing and evaluating these tools and the underlying framework. This new framework -- called ArgueSecure -- focuses on graphically modelling the risk landscape as a collapsible tree. This tree structure intuitively encodes argument traces, therefore maintaining traceability of the results and providing insight into the decision process.

AB - Most established security risk assessment methodologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate. As an alternative, we have previously proposed argumentation-based risk assessment. In this paper, based on practitioner feedback, we introduce the latest iteration of this method accompanied by two dedicated tools: an online, collaborative web-portal and an offline version. We focus on the lessons learned in iteratively developing and evaluating these tools and the underlying framework. This new framework -- called ArgueSecure -- focuses on graphically modelling the risk landscape as a collapsible tree. This tree structure intuitively encodes argument traces, therefore maintaining traceability of the results and providing insight into the decision process.

KW - EC Grant Agreement nr.: FP7/318003

KW - EC Grant Agreement nr.: FP7/2007-2013

U2 - 10.1109/REW.2016.027

DO - 10.1109/REW.2016.027

M3 - Conference contribution

SN - 978-1-5090-3694-3

SP - 74

EP - 79

BT - Proceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)

PB - IEEE Computer Society

CY - Piscataway, NJ

T2 - 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)

Y2 - 12 September 2016 through 12 September 2016

ER -

ArgueSecure: Out-of-the-box Risk Assessment

Abstract

Workshop

Keywords

Access to Document

Fingerprint

Cite this