ArgueSecure: Out-of-the-box Risk Assessment

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    Abstract

    Most established security risk assessment methodologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate. As an alternative, we have previously proposed argumentation-based risk assessment. In this paper, based on practitioner feedback, we introduce the latest iteration of this method accompanied by two dedicated tools: an online, collaborative web-portal and an offline version. We focus on the lessons learned in iteratively developing and evaluating these tools and the underlying framework. This new framework -- called ArgueSecure -- focuses on graphically modelling the risk landscape as a collapsible tree. This tree structure intuitively encodes argument traces, therefore maintaining traceability of the results and providing insight into the decision process.
    Original languageUndefined
    Title of host publicationProceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)
    Place of PublicationUSA
    PublisherIEEE Computer Society
    Pages74-79
    Number of pages6
    ISBN (Print)978-1-5090-3694-3
    DOIs
    Publication statusPublished - Sep 2016

    Publication series

    Name
    PublisherIEEE Computer Society

    Keywords

    • EC Grant Agreement nr.: FP7/318003
    • EWI-27300
    • EC Grant Agreement nr.: FP7/2007-2013
    • IR-101750
    • METIS-318549

    Cite this

    Ionita, D., Kegel, R. HP., Wieringa, R. J., & Baltuta, A. (2016). ArgueSecure: Out-of-the-box Risk Assessment. In Proceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE) (pp. 74-79). USA: IEEE Computer Society. https://doi.org/10.1109/REW.2016.027
    Ionita, Dan ; Kegel, Roeland Hendrik,Pieter ; Wieringa, Roelf J. ; Baltuta, Andrei. / ArgueSecure: Out-of-the-box Risk Assessment. Proceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE). USA : IEEE Computer Society, 2016. pp. 74-79
    @inproceedings{12c7221e3ab94b47856d05c8c130faab,
    title = "ArgueSecure: Out-of-the-box Risk Assessment",
    abstract = "Most established security risk assessment methodologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate. As an alternative, we have previously proposed argumentation-based risk assessment. In this paper, based on practitioner feedback, we introduce the latest iteration of this method accompanied by two dedicated tools: an online, collaborative web-portal and an offline version. We focus on the lessons learned in iteratively developing and evaluating these tools and the underlying framework. This new framework -- called ArgueSecure -- focuses on graphically modelling the risk landscape as a collapsible tree. This tree structure intuitively encodes argument traces, therefore maintaining traceability of the results and providing insight into the decision process.",
    keywords = "EC Grant Agreement nr.: FP7/318003, EWI-27300, EC Grant Agreement nr.: FP7/2007-2013, IR-101750, METIS-318549",
    author = "Dan Ionita and Kegel, {Roeland Hendrik,Pieter} and Wieringa, {Roelf J.} and Andrei Baltuta",
    note = "Foreground = 100{\%} ; Type of activity = Conference; Main leader = UT; Type of audience = Scientific community; Size of audience = 10; Countries addressed = International;",
    year = "2016",
    month = "9",
    doi = "10.1109/REW.2016.027",
    language = "Undefined",
    isbn = "978-1-5090-3694-3",
    publisher = "IEEE Computer Society",
    pages = "74--79",
    booktitle = "Proceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)",
    address = "United States",

    }

    Ionita, D, Kegel, RHP, Wieringa, RJ & Baltuta, A 2016, ArgueSecure: Out-of-the-box Risk Assessment. in Proceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE). IEEE Computer Society, USA, pp. 74-79. https://doi.org/10.1109/REW.2016.027

    ArgueSecure: Out-of-the-box Risk Assessment. / Ionita, Dan; Kegel, Roeland Hendrik,Pieter; Wieringa, Roelf J.; Baltuta, Andrei.

    Proceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE). USA : IEEE Computer Society, 2016. p. 74-79.

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    TY - GEN

    T1 - ArgueSecure: Out-of-the-box Risk Assessment

    AU - Ionita, Dan

    AU - Kegel, Roeland Hendrik,Pieter

    AU - Wieringa, Roelf J.

    AU - Baltuta, Andrei

    N1 - Foreground = 100% ; Type of activity = Conference; Main leader = UT; Type of audience = Scientific community; Size of audience = 10; Countries addressed = International;

    PY - 2016/9

    Y1 - 2016/9

    N2 - Most established security risk assessment methodologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate. As an alternative, we have previously proposed argumentation-based risk assessment. In this paper, based on practitioner feedback, we introduce the latest iteration of this method accompanied by two dedicated tools: an online, collaborative web-portal and an offline version. We focus on the lessons learned in iteratively developing and evaluating these tools and the underlying framework. This new framework -- called ArgueSecure -- focuses on graphically modelling the risk landscape as a collapsible tree. This tree structure intuitively encodes argument traces, therefore maintaining traceability of the results and providing insight into the decision process.

    AB - Most established security risk assessment methodologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate. As an alternative, we have previously proposed argumentation-based risk assessment. In this paper, based on practitioner feedback, we introduce the latest iteration of this method accompanied by two dedicated tools: an online, collaborative web-portal and an offline version. We focus on the lessons learned in iteratively developing and evaluating these tools and the underlying framework. This new framework -- called ArgueSecure -- focuses on graphically modelling the risk landscape as a collapsible tree. This tree structure intuitively encodes argument traces, therefore maintaining traceability of the results and providing insight into the decision process.

    KW - EC Grant Agreement nr.: FP7/318003

    KW - EWI-27300

    KW - EC Grant Agreement nr.: FP7/2007-2013

    KW - IR-101750

    KW - METIS-318549

    U2 - 10.1109/REW.2016.027

    DO - 10.1109/REW.2016.027

    M3 - Conference contribution

    SN - 978-1-5090-3694-3

    SP - 74

    EP - 79

    BT - Proceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)

    PB - IEEE Computer Society

    CY - USA

    ER -

    Ionita D, Kegel RHP, Wieringa RJ, Baltuta A. ArgueSecure: Out-of-the-box Risk Assessment. In Proceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE). USA: IEEE Computer Society. 2016. p. 74-79 https://doi.org/10.1109/REW.2016.027