Skip to Main Content
Expert judgments are often used to estimate likelihood values in a security risk analysis. These judgments are subjective and their correctness rely on the competence, training, and experience of the experts. Thus, there is a need to validate the correctness of the values obtained from expert judgments. In this paper we investigate to what extent indicators based on historical data may be used to validate likelihood values obtained from expert judgments. We report on experiences from a security risk analysis where indicators were used to validate likelihood values obtained from expert judgments. The experiences build on data collected during the analysis and on semi-structured interviews with the client experts that participated in the analysis.
Note: As originally published there was an error in this document. Due to a production error final versions of the papers were not submitted. The corrected final article PDF is now provided.