Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels and Complexity

Katsiaryna Labunets, Fabio Massacci, and Alessandra Tedeschi. Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels and Complexity. In Proc. of ESEM 2017. IEEE, 2017.

20 Pages Posted: 28 Aug 2017

Katsiaryna Labunets

Delft University of Technology

Fabio Massacci

DISI - University of Trento

Alessandra Tedeschi

Deep Blue srl

Date Written: August 22, 2017

Abstract

[Background] Security risk assessment methods in industry mostly use a tabular notation to represent the assessment results whilst academic works advocate graphical methods. Experiments with MSc students showed that the tabular notation is better than an iconic graphical notation for the comprehension of security risks.

[Aim] We investigate whether the availability of textual labels and terse UML-style notation could improve comprehensibility.

[Method] We report the results of an online comprehensibility experiment involving 61 professionals with an average of 9 years of working experience, in which we compared the ability to comprehend security risk assessments represented in tabular, UML-style with textual labels, and iconic graphical modeling notations.

[Results] Tabular notation is still the most comprehensible notation in terms of both recall and precision. However, the presence of textual labels does improve the precision and recall of participants over iconic graphical models.

[Conclusion] Tabular representation better supports extraction of correct information for both simple and complex comprehensibility questions about security risks than the graphical notation, but textual labels help.

Keywords: Empirical Study, Security Risk Assessment, Risk Modeling, Comprehensibility, Cognitive Fit

Suggested Citation

Labunets, Katsiaryna and Massacci, Fabio and Tedeschi, Alessandra, Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels and Complexity (August 22, 2017). In Proc. of ESEM 2017. IEEE, 2017. Available at SSRN: https://ssrn.com/abstract=3025473

Katsiaryna Labunets (Contact Author)

Delft University of Technology

P.O. Box 5015
2600 GB Delft
Netherlands

Fabio Massacci

DISI - University of Trento

Via Sommarive 9
Trento, Trento 38123
Italy

HOME PAGE: http://www.massacci.org

Alessandra Tedeschi

Deep Blue srl

Piazza Buenos Aires 20
Rome, 00198
Italy
