dc.contributor.author | Meland, Per Håkon | |
dc.contributor.author | Bernsmed, Karin | |
dc.contributor.author | Frøystad, Christian | |
dc.contributor.author | Li, Jingyue | |
dc.contributor.author | Sindre, Guttorm | |
dc.date.accessioned | 2019-11-04T10:57:44Z | |
dc.date.available | 2019-11-04T10:57:44Z | |
dc.date.created | 2019-06-18T08:57:25Z | |
dc.date.issued | 2019 | |
dc.identifier.citation | Lecture Notes in Computer Science. 2019, 11387 173-191. | nb_NO |
dc.identifier.issn | 0302-9743 | |
dc.identifier.uri | http://hdl.handle.net/11250/2626339 | |
dc.description.abstract | Bow-tie analysis includes a graphical representation for depicting threats and consequences related to unwanted events, and shows how preventive and reactive barriers can provide control over such situations. This kind of analysis has traditionally been used to elicit requirements for safety and reliability engineering, but as a consequence of the ever-increasing coupling between the cyber and physical world, security has become an additional concern. Through a controlled experiment, we provide evidence that the expressiveness of the bow-tie notation is suitable for this purpose as well. Our results show that a sample population of graduate students, inexperienced in security modelling, perform similarly as security experts when we have a well-defined scope and familiar target system/situation. We also demonstrate that misuse case diagrams should be regarded as more of a complementary than competing modelling technique. | nb_NO |
dc.language.iso | eng | nb_NO |
dc.publisher | Springer Verlag | nb_NO |
dc.title | An experimental evaluation of bow-tie analysis for cybersecurity requirements | nb_NO |
dc.type | Journal article | nb_NO |
dc.type | Peer reviewed | nb_NO |
dc.description.version | acceptedVersion | nb_NO |
dc.source.pagenumber | 173-191 | nb_NO |
dc.source.volume | 11387 | nb_NO |
dc.source.journal | Lecture Notes in Computer Science | nb_NO |
dc.identifier.doi | 10.1007/978-3-030-12786-2_11 | |
dc.identifier.cristin | 1705500 | |
dc.description.localcode | This is a post-peer-review, pre-copyedit version of an article published in [Lecture Notes in Computer Science] Locked until 31.1.2020 due to copyright restrictions. The final authenticated version is available online at: https://doi.org/10.1007/978-3-030-12786-2_11 | nb_NO |
cristin.unitcode | 194,63,10,0 | |
cristin.unitname | Institutt for datateknologi og informatikk | |
cristin.ispublished | true | |
cristin.qualitycode | 1 | |