Towards Empirical Evaluation of Automated Risk Assessment Methods
|Title||Towards Empirical Evaluation of Automated Risk Assessment Methods|
|Publication Type||Conference Paper|
|Year of Publication||2016|
|Authors||Gadyatskaya O., Labunets K., Paci F.|
|Conference Name||11th International Conference on Risks and Security of Internet and Systems, CRiSIS 2016, Roscoff, France|
Security risk assessment methods are numerous, and it might be confusing for organizations to select one. Researchers have conducted empirical studies with established methods in order to find factors that influence their effectiveness and ease of use. In this paper we evaluate the recent TREsPASS semi-automated risk assessment method with respect to the factors identified as critical in several controlled experiments. We also argue that automation of risk assessment raises new research questions that need to be thoroughly investigated in future empirical studies.