By Topic

Experiences from using indicators to validate expert judgments in security risk analysis

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Ligaarden, O.S. ; Dept. for Networked Syst. & Services, SINTEF ICT, Oslo, Norway ; Refsdal, A. ; Stolen, K.

Expert judgments are often used to estimate likelihood values in a security risk analysis. These judgments are subjective and their correctness rely on the competence, training, and experience of the experts. Thus, there is a need to validate the correctness of the values obtained from expert judgments. In this paper we investigate to what extent indicators based on historical data may be used to validate likelihood values obtained from expert judgments. We report on experiences from a security risk analysis where indicators were used to validate likelihood values obtained from expert judgments. The experiences build on data collected during the analysis and on semi-structured interviews with the client experts that participated in the analysis.

Note: As originally published there was an error in this document. Due to a production error final versions of the papers were not submitted. The corrected final article PDF is now provided.  

Published in:

Security Measurements and Metrics (Metrisec), 2011 Third International Workshop on

Date of Conference:

21-21 Sept. 2011