Creativity Techniques for Social Engineering Threat Elicitation: A Controlled Experiment

Beckers, K.; Fries, V.; Groen, E. C. and Pape, S.

In Joint Proceedings of REFSQ-2017 Workshops, Doctoral Symposium, Research Method Track, and Poster Track co-located with the 22nd International Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2017), Essen, Germany, February 27, 2017., 2017.


We propose a controlled experiment to assess how well creativity techniques can support social engineering threat assessment. Social engineering threats form the basis for the elicitation of security requirements, a type of quality requirement, which state what threat should be prevented or mitigated. The proposed experiment compares a serious game and the Morphological Forced Connections technique with regard to their productivity, as well as completeness and precision.

PDF Slides LinkBibtexsecurityserious gamesocial engineeringhatch