Most established security risk assessment methodologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate. As an alternative, we have previously proposed argumentation-based risk assessment. In this paper, based on practitioner feedback, we introduce the latest iteration of this method accompanied by two dedicated tools: an online, collaborative web-portal and an offline version. We focus on the lessons learned in iteratively developing and evaluating these tools and the underlying framework. This new framework -- called ArgueSecure -- focuses on graphically modelling the risk landscape as a collapsible tree. ...
The objective of my research is to improve and support the process of Information security Risk Asse...
The objective of my research is to improve and support the process of Information security Risk Asse...
Abstract—Graph-based assessment formalisms have proven to be useful in the safety, dependability, an...
Identifying threats and risks to complex systems often requires some form of brainstorming. In addit...
When showing that a software system meets certain security requirements, it is often necessary to wo...
Computer-based systems are increasingly being exposed to evolving security threats, which often reve...
When showing that a software system meets certain security requirements, it is often necessary to wo...
Computer-based systems are increasingly being exposed to evolving security threats, which often reve...
Information Security Risk Assessment can be viewed as part of requirements engineering because it is...
Information Security Risk Assessment can be viewed as part of requirements engineering because it is...
Over the past decades a significant number of methods to identify and mitigate security risks have b...
This paper explores the idea that IT security risk assessment can be formalized as an argumentation ...
When showing that a software system meets certain security requirements, it is often necessary to wo...
non-peer-reviewedWhen showing that a software system meets certain security requirements, it is ofte...
Reliable quantitative risk assessment requires the use of meaningful statistical data and well valid...
The objective of my research is to improve and support the process of Information security Risk Asse...
The objective of my research is to improve and support the process of Information security Risk Asse...
Abstract—Graph-based assessment formalisms have proven to be useful in the safety, dependability, an...
Identifying threats and risks to complex systems often requires some form of brainstorming. In addit...
When showing that a software system meets certain security requirements, it is often necessary to wo...
Computer-based systems are increasingly being exposed to evolving security threats, which often reve...
When showing that a software system meets certain security requirements, it is often necessary to wo...
Computer-based systems are increasingly being exposed to evolving security threats, which often reve...
Information Security Risk Assessment can be viewed as part of requirements engineering because it is...
Information Security Risk Assessment can be viewed as part of requirements engineering because it is...
Over the past decades a significant number of methods to identify and mitigate security risks have b...
This paper explores the idea that IT security risk assessment can be formalized as an argumentation ...
When showing that a software system meets certain security requirements, it is often necessary to wo...
non-peer-reviewedWhen showing that a software system meets certain security requirements, it is ofte...
Reliable quantitative risk assessment requires the use of meaningful statistical data and well valid...
The objective of my research is to improve and support the process of Information security Risk Asse...
The objective of my research is to improve and support the process of Information security Risk Asse...
Abstract—Graph-based assessment formalisms have proven to be useful in the safety, dependability, an...