Authors: Raimundas Matulevičius
Tags: 2014, conceptual modeling
Modelling and management of security risks from the early stages of information systems development could help to envision early security threats, their consequences and potential countermeasures. However, security modelling languages bring benefit only if they are correctly applied and the stakeholders comprehend the models and agree about their meaning. In this paper we analyse how humans comprehend security risk-oriented/aware modelling (SRM) languages and models. Specifically, by applying the semiotic quality framework, we investigate (i) concepts of security risk management, and (ii) participant and modeller appropriateness regarding the SRM languages. Our results indicate the best and worst perceived SRM constructs and highlight a few challenges to improve the SRM languages.

Read the full paper here: https://link.springer.com/chapter/10.1007/978-3-662-43745-2_23