Abstract
Cyber security is a key enabler for safe Air Traffic Management (ATM). This paper presents results from an empirical study, in which we have investigated and evaluated the use of the Security Risk Assessment Methodology for SESAR (SecRAM) in European ATM research and development projects. The study was performed with the intention to find and document common issues and aspects that could be improved in the methodology. The results from the study reveal that while most of the practitioners had a positive perception of the methodology itself, they were less satisfied with the process of applying it in their projects. Based on the results, we provide a number of recommendations, which aim to improve the security risk assessment process in the ATM domain.