ArgueSecure: Out-of-the-box Risk Assessment

Dan Ionita, Roeland Kegel, Andrei Baltuta, Roel Wieringa

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    11 Downloads (Pure)

    Abstract

    Most established security risk assessment methodologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate. As an alternative, we have previously proposed argumentation-based risk assessment. In this paper, based on practitioner feedback, we introduce the latest iteration of this method accompanied by two dedicated tools: an online, collaborative web-portal and an offline version. We focus on the lessons learned in iteratively developing and evaluating these tools and the underlying framework. This new framework -- called ArgueSecure -- focuses on graphically modelling the risk landscape as a collapsible tree. This tree structure intuitively encodes argument traces, therefore maintaining traceability of the results and providing insight into the decision process.
    Original languageEnglish
    Title of host publicationProceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)
    Place of PublicationPiscataway, NJ
    PublisherIEEE
    Pages74-79
    Number of pages6
    ISBN (Print)978-1-5090-3694-3
    DOIs
    Publication statusPublished - Sept 2016
    Event2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE) - Beijing, China
    Duration: 12 Sept 201612 Sept 2016

    Workshop

    Workshop2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)
    Period12/09/1612/09/16
    Other12 Sept 2016

    Keywords

    • EC Grant Agreement nr.: FP7/318003
    • EC Grant Agreement nr.: FP7/2007-2013

    Fingerprint

    Dive into the research topics of 'ArgueSecure: Out-of-the-box Risk Assessment'. Together they form a unique fingerprint.

    Cite this