A new, evidence-based, theory for knowledge reuse in security risk analysis

Cited by: 1
Authors
Labunets, Katsiaryna [1]
Massacci, Fabio [2,3]
Paci, Federica [4]
Tuma, Katja [2]
Affiliations
[1] Univ Utrecht, Utrecht, Netherlands
[2] Vrije Univ Amsterdam, Amsterdam, Netherlands
[3] Univ Trento, Trento, Italy
[4] Univ Verona, Verona, Italy
Keywords
Information security; Risk assessment; Empirical study; Knowledge reuse; THREAT ANALYSIS; ATTACK TREES; MANAGEMENT; COMMUNITIES; DISCOURSES; SYSTEMS; IF
DOI
10.1007/s10664-023-10321-y
Chinese Library Classification
TP31 [Computer software]
Discipline classification code
081202; 0835
Abstract
Security risk analysis (SRA) is a key activity in software engineering but requires heavy manual effort. Community knowledge in the form of security patterns or security catalogs can be used to support the identification of threats and security controls. However, no evidence-based theory exists about the effectiveness of security catalogs when used for security risk analysis. We adopt a grounded theory approach to propose a conceptual, revised and refined theory of SRA knowledge reuse. The theory refinement is backed by evidence gathered from conducting interviews with experts (20) and controlled experiments with both experts (15) and novice analysts (18). We conclude the paper by providing insights into the use of catalogs and managerial implications.
Pages: 33