The task of designing secure software systems is fraught with uncertainty, as data on uncommon attacks is limited, costs are difficult to estimate, and technology and tools are continually changing. Consequently, experts may interpret the security risks posed to a system in different ways, leading to variation in assessment. This paper presents research into measuring the variability in decision making between security professionals, with the ultimate goal of improving the quality of security advice given to software system designers. A set of thirty-nine cyber-security experts took part in an exercise in which they independently assessed a realistic system scenario. This study quantifies agreement in the opinions of experts, examines metho...
The security of software systems in recent years has been transformed from a mono-dimensional techni...
The fact that security was often neglected in the design and construction of computer software has l...
The perception of risk is a driver for security analysts' decision making. However, security analyst...
An important role carried out by cyber-security experts is the assessment of proposed computer syste...
This document is the Accepted Manuscript of a conference paper published in Proceedings of the Cambr...
Security decision-making is a critical task in tackling security threats affecting a system or proce...
While the importance of security has long been recognised, research efforts aimed at finding a solut...
Software security is concerned with the protection of data, facilities and applications from harm th...
In the information security business, 30 years of practical and theoretical research has resulted in...
There are many facets of managing security in information systems. Although there are prior studies ...
In response to the asymmetric advantage that attackers enjoy over defenders in cyber systems, the cy...
With the increasingly pervasive role of software in society, security is becoming an important quali...
An evidently dominant problem in the software development domain is that software security is not co...
Employing a design solution can satisfy some requirements while having negative side-effects on some...