Abstract
Information System (IS) security and Risk Management (RM) are now required for every organization that wishes to survive in this networked and open world. As a result, more and more organizations implement a security strategy based on an ISSRM (IS security RM) approach. However, dealing efficiently with ISSRM is becoming more difficult, because of the complexity of current IS and the increasing number of risks organizations need to face. Using conceptual models to deal with RM issues, especially in the information security domain, is an active research topic, and many modelling languages have been proposed for this purpose. A remaining challenge is the cognitive effectiveness of the visual syntax of these languages, i.e. how effectively they convey information. Security risk managers are not used to working with modelling languages in their daily work, which makes cognitive effectiveness a must-have for these languages. Instead of defining a new cognitively effective modelling language, our objective is to assess and benchmark existing ones from the literature. The aim of this paper is thus to assess the cognitive effectiveness of CORAS, a modelling language focused on ISSRM.
Acknowledgments
Supported by the National Research Fund, Luxembourg, and financed by the ENTRI project (C14/IS/8329158).
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Zehnder, E., Mayer, N., Gronier, G. (2018). Evaluation of the Cognitive Effectiveness of the CORAS Modelling Language. In: Woo, C., Lu, J., Li, Z., Ling, T., Li, G., Lee, M. (eds) Advances in Conceptual Modeling. ER 2018. Lecture Notes in Computer Science, vol 11158. Springer, Cham. https://doi.org/10.1007/978-3-030-01391-2_21
DOI: https://doi.org/10.1007/978-3-030-01391-2_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-01390-5
Online ISBN: 978-3-030-01391-2
eBook Packages: Computer Science, Computer Science (R0)