Reducing the Effort to Comprehend Risk Models: Text Labels Are Often Preferred Over Graphical Means
Corresponding Author
Ketil Stølen
SINTEF ICT, Norway.
University of Oslo, Norway.
Abstract
Risk analysis involves people with different roles and competences. The validity of the outcome depends on their being able to communicate, ideally among themselves, but at least with or via a risk analyst. The CORAS risk modeling language has been developed to facilitate communication between stakeholders involved in the various stages of risk analysis. This article reports the results of an empirical investigation among professionals, the purpose of which was to investigate how graphical effects (size, color, shape) and text labels introduced in the CORAS risk modeling language affected understanding. The results indicate that if graphical effects are used to illustrate important information, they should also be accompanied by informative textual labels.