Creativity Techniques for Social Engineering Threat Elicitation: A Controlled Experiment
Beckers, K.; Fries, V.; Groen, E. C. and Pape, S.
In Joint Proceedings of REFSQ-2017 Workshops, Doctoral Symposium, Research Method Track, and Poster Track co-located with the 22nd International Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2017), Essen, Germany, February 27, 2017., 2017.Abstract
We propose a controlled experiment to assess how well creativity techniques can support social engineering threat assessment. Social engineering threats form the basis for the elicitation of security requirements, a type of quality requirement, which state what threat should be prevented or mitigated. The proposed experiment compares a serious game and the Morphological Forced Connections technique with regard to their productivity, as well as completeness and precision.
Bibtex
@InProceedings{BFGP17CreaRE, author = {Kristian Beckers and Veronika Fries and Eduard C. Groen and Sebastian Pape}, title = {Creativity Techniques for Social Engineering Threat Elicitation: A Controlled Experiment}, booktitle = {Joint Proceedings of {REFSQ-2017} Workshops, Doctoral Symposium, Research Method Track, and Poster Track co-located with the 22nd International Conference on Requirements Engineering: Foundation for Software Quality {(REFSQ} 2017), Essen, Germany, February 27, 2017.}, year = {2017}, editor = {Eric Knauss and Angelo Susi and David Ameller and Daniel M. Berry and Fabiano Dalpiaz and Maya Daneva and Marian Daun and Oscar Dieste and Peter Forbrig and Eduard C. Groen and Andrea Herrmann and Jennifer Horkoff and Fitsum Meshesha Kifetew and Marite Kirikova and Alessia Knauss and Patrick Maeder and Fabio Massacci and Cristina Palomares and Jolita Ralyt{\'{e}} and Ahmed Seffah and Alberto Siena and Bastian Tenbergen}, volume = {1796}, doi = {X}, keywords = {social engineering, security, HATCH, serious game}, url = {https://ceur-ws.org/Vol-1796/creare-paper-1.pdf}, }