Experiences from using indicators to validate expert judgments in security risk analysis

Sammendrag

Expert judgments are often used to estimate likelihood values in a security risk analysis. These judgments are subjective and their correctness rely on the competence, training, and experience of the experts. Thus, there is a need to validate the correctness of the values obtained from expert judgments. In this paper we investigate to what extent indicators based on historical data may be used to validate likelihood values obtained from expert judgments. We report on experiences from a security risk analysis where indicators were used to validate likelihood values obtained from expert judgments. The experiences build on data collected during the analysis and on semi-structured interviews with the client experts that participated in the analysis.

Kategori

Vitenskapelig Kapittel/Artikkel/Konferanseartikkel

Språk

Engelsk

Forfatter(e)

Olav Skjelkvåle Ligaarden
Atle Refsdal
Ketil Stølen

Institusjon(er)

Universitetet i Oslo
SINTEF Digital / Sustainable Communication Technologies

År

2012

Forlag

IEEE (Institute of Electrical and Electronics Engineers)

Bok

Proceedings 2011 Third International Workshop on Security Measurements and Metrics Metrisec 2011

ISBN

978-0-7695-4680-3

Side(r)

88 - 95

DOI

https://doi.org/10.1109/metrisec.2011.13

Vis denne publikasjonen hos Cristin

Kontakt oss

Tjenester

Rapporter og publikasjoner

Forskningssenter og samarbeid

Karriere

Bærekraft

Institutter

Andre enheter

Ledelse og organisering

Om oss

Følg oss