Skip to main content
SpringerLink
Log in

Evaluation of the Cognitive Effectiveness of the CORAS Modelling Language

  • Conference paper
  • First Online:
Advances in Conceptual Modeling (ER 2018)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 11158))

Included in the following conference series:

Abstract

Nowadays, Information System (IS) security and Risk Management (RM) are required for every organization that wishes to survive in this networked and open world. Thus, more and more organizations tend to implement a security strategy based on an ISSRM (IS security RM) approach. However, the difficulty of dealing efficiently with ISSRM is currently growing, because of the complexity of current IS coming with the increasing number of risks organizations need to face. To use conceptual models to deal with RM issues, especially in the information security domain, is today an active research topic, and many modelling languages have been proposed in this way. However, a current challenge remains the cognitive effectiveness of the visual syntax of these languages, i.e. the effectiveness to convey information. Security risk managers are indeed not used to use modelling languages in their daily work, making this aspect of cognitive effectiveness a must-have for these modelling languages. Instead of starting defining a new cognitive effective modelling language, our objective is rather to assess and benchmark existing ones from the literature. The aim of this paper is thus to assess the cognitive effectiveness of CORAS, a modelling language focused on ISSRM.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Foundations of attack–defense trees. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 80–95. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19751-2_6

    Chapter  Google Scholar 

  2. Band, I., Engelsman, W., Feltus, C., Paredes, S.G., Hietala, J., Jonkers, H., Massart, S.: Modeling Enterprise Risk Management and Security with the ArchiMate® Language. The Open Group (2015)

    Google Scholar 

  3. Mayer, N., Grandry, E., Feltus, C., Goettelmann, E.: Towards the ENTRI framework: security risk management enhanced by the use of enterprise architectures. In: Persson, A., Stirna, J. (eds.) CAiSE 2015. LNBIP, vol. 215, pp. 459–469. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-19243-7_42

    Chapter  Google Scholar 

  4. Mayer, N., Feltus, C.: Evaluation of the risk and security overlay of archimate to model information system security risks. In: IEEE 21st International Enterprise Distributed Object Computing Conference Workshops (EDOCW), pp. 106–116. IEEE (2017)

    Google Scholar 

  5. Lund, M.S., Solhaug, B., Stolen, K.: Model-Driven Risk Analysis: The CORAS Approach. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12323-8

    Book  MATH  Google Scholar 

  6. Hitchman, S.: Practitioner perceptions on the use of some semantic concepts in the entity–relationship model. Eur. J. Inf. Syst. 4, 31–40 (1995)

    Article  Google Scholar 

  7. Hitchman, S.: The details of conceptual modelling notations are important - a comparison of relationship normative language. Commun. Assoc. Inf. Syst. 9, 167–179 (2002)

    Google Scholar 

  8. Nordbotten, J.C., Crosby, M.E.: The effect of graphic style on data model interpretation. Inf. Syst. J. 9, 139–155 (2001)

    Article  Google Scholar 

  9. Shanks, G.: The challenges of strategic data planning in practice: an interpretive case study. J. Strateg. Inf. Syst. 6, 69–90 (1997)

    Article  Google Scholar 

  10. Figl, K., Derntl, M., Rodriguez, M.C., Botturi, L.: Cognitive effectiveness of visual instructional design languages. J. Vis. Lang. Comput. 21, 359–373 (2010)

    Article  Google Scholar 

  11. Green, T.R.G., Petre, M.: Usability analysis of visual programming environments: a ‘Cognitive Dimensions’ framework. J. Vis. Lang. Comput. 7, 131–174 (1996)

    Article  Google Scholar 

  12. Moody, D.: The “Physics” of notations: toward a scientific basis for constructing visual notations in software engineering. IEEE Trans. Softw. Eng. 35, 756–779 (2009)

    Article  Google Scholar 

  13. Moody, D., van Hillegersberg, J.: Evaluating the visual syntax of UML: an analysis of the cognitive effectiveness of the UML family of diagrams. In: Gašević, D., Lämmel, R., Van Wyk, E. (eds.) SLE 2008. LNCS, vol. 5452, pp. 16–34. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00434-6_3

    Chapter  Google Scholar 

  14. Moody, D.L., Heymans, P., Matulevičius, R.: Visual syntax does matter: improving the cognitive effectiveness of the i* visual notation. Requir. Eng. 15, 141–175 (2010)

    Article  Google Scholar 

  15. Genon, N., Heymans, P., Amyot, D.: Analysing the cognitive effectiveness of the BPMN 2.0 visual notation. In: Malloy, B., Staab, S., van den Brand, M. (eds.) SLE 2010. LNCS, vol. 6563, pp. 377–396. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19440-5_25

    Chapter  Google Scholar 

  16. Moody, D.L.: Review of ArchiMate: The Road to International Standardisation. ArchiMate Foundation and BiZZDesign B.V. (2007)

    Google Scholar 

  17. Beckers, K., Heisel, M., Solhaug, B., Stølen, K.: ISMS-CORAS: a structured method for establishing an ISO 27001 compliant information security management system. In: Heisel, M., Joosen, W., Lopez, J., Martinelli, F. (eds.) Engineering Secure Future Internet Services and Systems. LNCS, vol. 8431, pp. 315–344. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07452-8_13

    Chapter  Google Scholar 

  18. van der Linden, D., Hadar, I.: A systematic literature review of applications of the physics of notation. IEEE Trans. Softw. Eng. PP, 1 (2018)

    Google Scholar 

  19. Störrle, H., Fish, A.: Towards an operationalization of the “Physics of Notations” for the analysis of visual languages. In: Moreira, A., Schätz, B., Gray, J., Vallecillo, A., Clarke, P. (eds.) MODELS 2013. LNCS, vol. 8107, pp. 104–120. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41533-3_7

    Chapter  Google Scholar 

  20. van der Linden, D., Zamansky, A., Hadar, I.: How cognitively effective is a visual notation? On the inherent difficulty of operationalizing the physics of notations. In: Schmidt, R., Guédria, W., Bider, I., Guerreiro, S. (eds.) BPMDS/EMMSAD -2016. LNBIP, vol. 248, pp. 448–462. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39429-9_28

    Chapter  Google Scholar 

  21. Krogstie, J.: Using a semiotic framework to evaluate UML for the development of models of high quality. In: Unified Modeling Language: Systems Analysis, Design and Development Issues, pp. 89–106. IGI Global (2001)

    Google Scholar 

  22. Genon, N.: Unlocking Diagram Understanding: Empowering End-Users for Semantically Transparent Visual Symbols (2016)

    Google Scholar 

  23. Frank, U.: Domain-specific modeling languages: requirements analysis and design guidelines. In: Reinhartz-Berger, I., Sturm, A., Clark, T., Cohen, S., Bettin, J. (eds.) Domain Engineering, pp. 133–157. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36654-3_6

    Chapter  Google Scholar 

  24. Guizzardi, G., Pires, L.F., van Sinderen, M.: Ontology-based evaluation and design of domain-specific visual modeling languages. In: Nilsson, A.G., Gustas, R., Wojtkowski, W., Wojtkowski, W.G., Wrycza, S., Zupančič, J. (eds.) Advances in Information Systems Development, pp. 217–228. Springer, Boston (2006). https://doi.org/10.1007/978-0-387-36402-5_19

    Chapter  Google Scholar 

  25. Kleppe, A.: Software Language Engineering: Creating Domain-Specific Languages Using Metamodels. Addison-Wesley Professional (2008)

    Google Scholar 

  26. Nielsen, J., Molich, R.: Heuristic evaluation of user interfaces. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 249–256. ACM, New York (1990)

    Google Scholar 

  27. Zender, M., Mejía, G.M.: Improving icon design: through focus on the role of individual symbols in the construction of meaning. Vis. Lang. 47, 66–89 (2013)

    Google Scholar 

  28. Miller, G.A.: The magical number seven, plus or minus 2: some limits on our capacity for processing information. Psychol. Rev. 63, 81–97 (1956)

    Article  Google Scholar 

  29. Lauesen, S., Pave Musgrove, M.: Heuristic evaluation of user interfaces versus usability testing. In: User Interface Design - A Software Engineering Perspective, pp. 443–463 (2005)

    Google Scholar 

Download references

Acknowledgments

Supported by the National Research Fund, Luxembourg, and financed by the ENTRI project (C14/IS/8329158).

Author information

Authors and Affiliations

  1. Luxembourg Institute of Science and Technology, 5, avenue des Hauts-Fourneaux, 4362, Esch-sur-Alzette, Luxembourg

    Eloïse Zehnder, Nicolas Mayer & Guillaume Gronier

Authors
  1. Eloïse Zehnder
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nicolas Mayer
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Guillaume Gronier
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nicolas Mayer .

Editor information

Editors and Affiliations

  1. University of British Columbia, Vancouver, BC, Canada

    Carson Woo

  2. University of Helsinki, Helsinki, Finland

    Jiaheng Lu

  3. Northwestern Polytechnical University, Xian, China

    Zhanhuai Li

  4. Department of Computer Science, National University of Singapore, Singapore, Singapore

    Tok Wang Ling

  5. Department of Computer Science and Technology, Tsinghua University, Beijing, Beijing, China

    Guoliang Li

  6. National University of Singapore, Singapore, Singapore

    Mong Li Lee

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zehnder, E., Mayer, N., Gronier, G. (2018). Evaluation of the Cognitive Effectiveness of the CORAS Modelling Language. In: Woo, C., Lu, J., Li, Z., Ling, T., Li, G., Lee, M. (eds) Advances in Conceptual Modeling. ER 2018. Lecture Notes in Computer Science(), vol 11158. Springer, Cham. https://doi.org/10.1007/978-3-030-01391-2_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-01391-2_21

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-01390-5

  • Online ISBN: 978-3-030-01391-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation