Towards Empirical Evaluation of Automated Risk Assessment Methods

Publication Type: Conference Paper
Year of Publication: 2016
Authors: Gadyatskaya O., Labunets K., Paci F.
Conference Name: 11th International Conference on Risks and Security of Internet and Systems, CRiSIS 2016, Roscoff, France
Conference Location: Berlin

Security risk assessment methods are numerous, and it might be confusing for organizations to select one. Researchers have conducted empirical studies with established methods in order to find factors that influence their effectiveness and ease of use. In this paper we evaluate the recent TREsPASS semi-automated risk assessment method with respect to the factors identified as critical in several controlled experiments. We also argue that automation of risk assessment raises new research questions that need to be thoroughly investigated in future empirical studies.