TY - GEN
T1 - ArgueSecure: Out-of-the-box Risk Assessment
AU - Ionita, Dan
AU - Kegel, Roeland
AU - Baltuta, Andrei
AU - Wieringa, Roel
N1 - Foreground = 100% ;
Type of activity = Conference;
Main leader = UT;
Type of audience = Scientific community;
Size of audience = 10;
Countries addressed = International;
PY - 2016/9
Y1 - 2016/9
N2 - Most established security risk assessment methodologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate.
As an alternative, we have previously proposed argumentation-based risk assessment. In this paper, based on practitioner feedback, we introduce the latest iteration of this method accompanied by two dedicated tools: an online, collaborative web-portal and an offline version. We focus on the lessons learned in iteratively developing and evaluating these tools and the underlying framework.
This new framework -- called ArgueSecure -- focuses on graphically modelling the risk landscape as a collapsible tree. This tree structure intuitively encodes argument traces, therefore maintaining traceability of the results and providing insight into the decision process.
KW - EC Grant Agreement nr.: FP7/318003
KW - EC Grant Agreement nr.: FP7/2007-2013
U2 - 10.1109/REW.2016.027
DO - 10.1109/REW.2016.027
M3 - Conference contribution
SN - 978-1-5090-3694-3
SP - 74
EP - 79
BT - Proceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)
PB - IEEE
CY - Piscataway, NJ
T2 - 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)
Y2 - 12 September 2016 through 12 September 2016
ER -