Effects of information security risk visualization on managerial decision making

Yıldız, Esra; Böhme, Rainer

doi:10.14722/eurousec.2017.23010

Cited by 1 publication

(2 citation statements)

References 51 publications

(60 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The last one contains empirical studies comparing graphical and textual representations for, e.g., business processes [36], software architectures [17], safety and system requirements [9, 42, 44ś46]. Recently, there were published a few empirical studies examining representations for security risks [15,19,25,50] or comparing graphical and tabular methods for security risk assessment in full scale application [22,24,27,30].…”

Section: Related Workmentioning

confidence: 99%

“…Yildiz and Böhme [50] recently conducted a controlled experiment with 85 participants to investigate the effects of risk visualization on managerial decision making in information security. This study showed that supplementing a textual description of security decision problem with graphical representation improves risk perception and participants' confidence in decisions, but does not contribute to the comprehension of the problem or security investment decision.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

No search allowed

Labunets

2018

Proceedings of the 12th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement

View full text Add to dashboard Cite

Background] Industry relies on the use of tabular notations to document the risk assessment results, while academia encourages to use graphical notations. Previous studies revealed that tabular and graphical notations with textual labels provide better support for extracting correct information about security risks in comparison to iconic graphical notation.[Aim] In this study we examine how well tabular and graphical risk modeling notations support extraction and memorization of information about risks when models cannot be searched. [Method] We present results of two experiments with 60 MSc and 31 BSc students where we compared their performance in extraction and memorization of security risk models in tabular, UML-style and iconic graphical modeling notations.[Result] Once search is restricted, tabular notation demonstrates results similar to the iconic graphical notation in information extraction. In memorization task tabular and graphical notations showed equivalent results, but it is statistically significant only between two graphical notations.[Conclusion] Three notations provide similar support to decision-makers when they need to extract and remember correct information about security risks.

show abstract