A new, evidence-based, theory for knowledge reuse in security risk analysis

Cited by: 1

Authors
Labunets, Katsiaryna [1 ]
Massacci, Fabio [2 ,3 ]
Paci, Federica [4 ]
Tuma, Katja [2 ]
Affiliations
[1] Univ Utrecht, Utrecht, Netherlands
[2] Vrije Univ Amsterdam, Amsterdam, Netherlands
[3] Univ Trento, Trento, Italy
[4] Univ Verona, Verona, Italy
Keywords
Information security; Risk assessment; Empirical study; Knowledge reuse; THREAT ANALYSIS; ATTACK TREES; MANAGEMENT; COMMUNITIES; DISCOURSES; SYSTEMS; IF;
DOI
10.1007/s10664-023-10321-y
Chinese Library Classification
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
Security risk analysis (SRA) is a key activity in software engineering but requires heavy manual effort. Community knowledge in the form of security patterns or security catalogs can be used to support the identification of threats and security controls. However, no evidence-based theory exists about the effectiveness of security catalogs when used for security risk analysis. We adopt a grounded theory approach to propose a conceptual, revised and refined theory of SRA knowledge reuse. The theory refinement is backed by evidence gathered from conducting interviews with experts (20) and controlled experiments with both experts (15) and novice analysts (18). We conclude the paper by providing insights into the use of catalogs and managerial implications.
Pages: 33