{"title":"揭示安全风险评估中人为因素的作用","authors":"Winnie Mbaka","doi":"10.1145/3573074.3573092","DOIUrl":null,"url":null,"abstract":"[Background:] Security-by-design techniques (e.g., STRIDE) are used to elicit system threats before they are exploited. Since security threat assessment is performed on a conceptualised model of the system under analysis, human expertise is relied upon to exhaustively elicit all possible threats. To this end, the outcomes of threat analysis depend on the individual actors involved in the process. However, human expertise can be biased depending on certain or a combination of human factors. [Goal:] With this work, we aim to unveil the effect (if any) of human factors (e.g., gender, age, seniority, educational background, nationality) to security risk assessment. [Method:] To contribute to this body of knowledge, we are conducting a state-of-the-art literature review and several experiments with human participants (experts and non-experts) in the domain of security and risk assessment. First, the topic and technical domain are described in general. Second, preliminary results of the on-going literature review are presented. Finally, a research plan is described including research questions, treatment, and participant recruitment.","PeriodicalId":432885,"journal":{"name":"ACM SIGSOFT Software Engineering Notes","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-01-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Towards Unveiling Effects Of Human Factors Within Security Risk Assessment\",\"authors\":\"Winnie Mbaka\",\"doi\":\"10.1145/3573074.3573092\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"[Background:] Security-by-design techniques (e.g., STRIDE) are used to elicit system threats before they are exploited. Since security threat assessment is performed on a conceptualised model of the system under analysis, human expertise is relied upon to exhaustively elicit all possible threats. To this end, the outcomes of threat analysis depend on the individual actors involved in the process. However, human expertise can be biased depending on certain or a combination of human factors. [Goal:] With this work, we aim to unveil the effect (if any) of human factors (e.g., gender, age, seniority, educational background, nationality) to security risk assessment. [Method:] To contribute to this body of knowledge, we are conducting a state-of-the-art literature review and several experiments with human participants (experts and non-experts) in the domain of security and risk assessment. First, the topic and technical domain are described in general. Second, preliminary results of the on-going literature review are presented. Finally, a research plan is described including research questions, treatment, and participant recruitment.\",\"PeriodicalId\":432885,\"journal\":{\"name\":\"ACM SIGSOFT Software Engineering Notes\",\"volume\":\"27 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-01-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM SIGSOFT Software Engineering Notes\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3573074.3573092\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM SIGSOFT Software Engineering Notes","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3573074.3573092","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Towards Unveiling Effects Of Human Factors Within Security Risk Assessment
[Background:] Security-by-design techniques (e.g., STRIDE) are used to elicit system threats before they are exploited. Since security threat assessment is performed on a conceptualised model of the system under analysis, human expertise is relied upon to exhaustively elicit all possible threats. To this end, the outcomes of threat analysis depend on the individual actors involved in the process. However, human expertise can be biased depending on certain or a combination of human factors. [Goal:] With this work, we aim to unveil the effect (if any) of human factors (e.g., gender, age, seniority, educational background, nationality) to security risk assessment. [Method:] To contribute to this body of knowledge, we are conducting a state-of-the-art literature review and several experiments with human participants (experts and non-experts) in the domain of security and risk assessment. First, the topic and technical domain are described in general. Second, preliminary results of the on-going literature review are presented. Finally, a research plan is described including research questions, treatment, and participant recruitment.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
