Experiences from using indicators to validate expert judgments in security risk analysis

Author

Ligaarden, O.S. ; Refsdal, A. ; Stolen, K.

Author_Institution

Dept. for Networked Syst. & Services, SINTEF ICT, Oslo, Norway

fYear

2011

fDate

21-21 Sept. 2011

Firstpage

88

Lastpage

95

Abstract

Expert judgments are often used to estimate likelihood values in a security risk analysis. These judgments are subjective and their correctness rely on the competence, training, and experience of the experts. Thus, there is a need to validate the correctness of the values obtained from expert judgments. In this paper we investigate to what extent indicators based on historical data may be used to validate likelihood values obtained from expert judgments. We report on experiences from a security risk analysis where indicators were used to validate likelihood values obtained from expert judgments. The experiences build on data collected during the analysis and on semi-structured interviews with the client experts that participated in the analysis.

Keywords

risk analysis; security of data; client experts; expert judgment validation; historical data; likelihood values estimation; security risk analysis; Education; Electronic mail; Information security; Interviews; Proposals; Risk analysis; expert judgment; indicator; security risk analysis;

fLanguage

English

Publisher

ieee

Conference_Titel

Security Measurements and Metrics (Metrisec), 2011 Third International Workshop on

Conference_Location

Banff, AB

Print_ISBN

978-1-4673-1245-5

Type

conf

DOI

10.1109/Metrisec.2011.13

Filename

6165769