A new, evidence-based, theory for knowledge reuse in security risk analysis

Cited by: 1
Authors
Labunets, Katsiaryna [1 ]
Massacci, Fabio [2 ,3 ]
Paci, Federica [4 ]
Tuma, Katja [2 ]
Affiliations
[1] Univ Utrecht, Utrecht, Netherlands
[2] Vrije Univ Amsterdam, Amsterdam, Netherlands
[3] Univ Trento, Trento, Italy
[4] Univ Verona, Verona, Italy
Keywords
Information security; Risk assessment; Empirical study; Knowledge reuse; THREAT ANALYSIS; ATTACK TREES; MANAGEMENT; COMMUNITIES; DISCOURSES; SYSTEMS; IF;
DOI
10.1007/s10664-023-10321-y
Chinese Library Classification
TP31 [Computer software]
Discipline Classification
081202; 0835
Abstract
Security risk analysis (SRA) is a key activity in software engineering but requires heavy manual effort. Community knowledge in the form of security patterns or security catalogs can be used to support the identification of threats and security controls. However, no evidence-based theory exists about the effectiveness of security catalogs when used for security risk analysis. We adopt a grounded theory approach to propose a conceptual, revised and refined theory of SRA knowledge reuse. The theory refinement is backed by evidence gathered from conducting interviews with experts (20) and controlled experiments with both experts (15) and novice analysts (18). We conclude the paper by providing insights into the use of catalogs and managerial implications.
Pages: 33