Reducing the effort to comprehend risk models: Text labels are often preferred over graphical means

Risk Analysis

Volumn 31, Issue 11, 2011, Pages 1813-1831

  Grøndahl, Ida Hogganvik ^a   Lund, Mass Soldal ^b   Stølen, Ketil ^b,c  

^a Scandpower Risk Management ^*  (Norway)

^b SINTEF ICT   (Norway)

^c UNIVERSITY OF OSLO   (Norway)

Author keywords

Empirical study; Modeling; Risk; Risk analysis; Visualization

Indexed keywords

EMPIRICAL INVESTIGATION; EMPIRICAL STUDIES; RISK MODEL; RISK MODELING; TEXT LABELS; TEXTUAL LABELS;

FLOW VISUALIZATION; MODELS; RISK ANALYSIS; RISKS; VISUALIZATION;

RISK ASSESSMENT;

EMPIRICAL ANALYSIS; GRAPHICAL METHOD; NUMERICAL MODEL; RISK ASSESSMENT; STAKEHOLDER; VISUALIZATION;

ARTICLE; COMPREHENSION; COMPUTER GRAPHICS; HUMAN; INTERPERSONAL COMMUNICATION; LANGUAGE; RISK; THEORETICAL MODEL;

COMMUNICATION; COMPREHENSION; COMPUTER GRAPHICS; HUMANS; LANGUAGE; MODELS, THEORETICAL; RISK;

EID: 81255185570     PISSN: 02724332     EISSN: 15396924     Source Type: Journal    
DOI: 10.1111/j.1539-6924.2011.01636.x     Document Type: Article

References (49)

1. den Braber F, Hogganvik I, Lund MS, Stølen K, Vraalsen F. Model-based security analysis in seven steps: A guided tour to the CORAS method. BT Technology Journal, 2007; 25(1):101-117.
2. den Braber F, Mildal AB, Nes J, Stølen K, Vraalsen F. Experiences from using the CORAS methodology to analyze a web application. Journal of Cases on Information Technology, 2005; 7(3):110-130.
3. Hogganvik I. A Graphical Approach to Security Risk Analysis [dissertation]. University of Oslo, 2007.
4. Hogganvik I, Stølen K. On the comprehension of security risk scenarios. Pp. 115-124 in: Proceedings of the 13th International Workshop on Program Comprehension (IWPC'05), 2005.
5. Hogganvik I, Stølen K. Risk analysis terminology for IT-systems: Does it match intuition? Pp. 13-23 in: Proceedings of the International Symposium on Empirical Software Engineering (ISESE'05), 2005.
6. Ware C. Information Visualization: Perception for Design (2nd Ed). San Francisco, CA: Elsevier, 2004.
7. Object Management Group. Unified Modeling Language (UML): Superstructure, version 2.0, 2005.
8. International Organization for Standardization, International Electrotechnical Commission. ISO/IEC13335: Information Technology: Guidelines for the Management of IT Security (Part 3), 1998.
9. International Organization for Standardization, International Electrotechnical Commission. ISO/IEC13335: Information Technology: Security Techniques: Management of Information and Communications Technology Security (Part 1), 2004.
10. Standards Australia, Standards New Zealand. AS/NZS4360: Australian/New Zealand Standard for Risk Management, 2004.
11. Standards Australia, Standards New Zealand. HB231: Information Security Risk Management Guidelines, 2004.
12. Hogganvik I, Stølen K. Investigating Preferences in Graphical Risk Modeling. Oslo: SINTEF ICT, 2007. Report No.: A57.
13. Houmb SH, den Braber F, Lund MS, Stølen K. Towards a UML profile for model-based risk assessment. Pp. 79-91 in Proceedings of UML 2002 Satellite Workshop on Critical Systems Development with UML (CSD-UML'02), Munich University of Technology, 2002.
14. Lund MS, den Braber F, Stølen K, Vraalsen F. A UML Profile for the Identification and Analysis of Security Risks During Structured Brainstorming. Oslo: SINTEF ICT, 2004. Report No.: STF40 A03067.
15. Ibrekk H, Morgan G. Graphical communication of uncertain quantities to nontechnical people. Risk Analysis, 1987; 7(4):519-529.
16. Connelly AN, Knuth BA. Evaluating risk communication: Examining target audience perception about four presentation formats for fish consumption health advisory information. Risk Analysis, 1998; 18(5):649-659.
17. Lipkus MI, Hollands JG. The visual communication of risk. Journal of the National Cancer Institute. Monographs, 1999; 25:149-163.
18. Winn W. An account of how readers search for information in diagrams. Contempory Education Psychology, 1993; 18:162-185.
19. Bratthall L, Wohlin C. Is it possible to decorate graphical software design and architecture models with qualitative information? An experiment. IEEE Transactions on Software Engineering, 2002; 28(12):1181-1193.
20. Linos PK, Aubet P, Dumas L, Helleboid Y, Lejeune D, Tulula P. Visualizing program dependencies: An experimental study. Software Practice and Experience, 1994; 24(4):387-403.
21. Larkin JH, Simon HA. Why a diagram is (sometimes) worth ten thousand words. Cognitive Science, 1987; 11:65-99.
22. Treisman A, Gormican S. Feature analysis in early vision: Evidence from search asymmetries. Psychological Review, 1988; 95(1):15-48.
23. Becker RA, Eick SG, Wilks AR. Visualizing network data. IEEE Transactions on Visual Computer Graphics, 1995; 1(1):16-21.
24. Wertheimer M. Laws of organization in perceptual forms. [English translation of: Untersuchungen zur Lehre von der Gestalt, II. Psychol Forsch. 1923; 4: 301-350]. Pp. 71-88 in Ellis WD (ed). A Source Book of Gestalt Psychology. London: Routledge & Kegan Paul, 1938.
25. Winn W. Perceptual strategies used with flow diagrams having normal and unanticipated formats. Perceptual and Motor Skills, 1983; 57:751-762.
26. Winn W. The role of diagrammatic representation in learning sequences, identification, and classification as a function of verbal and spatial ability. Journal of Research in Science Teaching, 1982; 19:79-89.
27. Winn W, Solomon C. The effect of the rhetorical structure of diagrams on the interpretation of simple sentences. Unpublished manuscript, 1991. University of Washington.
28. Chattratichart J, Kuljis J. An assessment of visual representations for the "flow of control." Pp. 45-48 in Proceedings of the 12th Workshop of the Psychology of Programming Interest Group (PPIG'00). Cosenza, Italy, 2000.
29. International Electrotechnical Commission. IEC61025: Fault Tree Analysis (FTA), 1990.
30. Sedra AS, Smith KC. Microelectronic Circuits. New York: Oxford University Press, 2003.
31. Krogstie J. Conceptual Modeling for Computerized Information Systems Support in Organizations [dissertation]. Norwegian Institute of Technology. University of Trondheim, 1995.
32. Goodman N. Languages of Art: An Approach to a Theory of Symbols. Indianapolis, IN: Hackett, 1976.
33. Cahill MC, Carter RCJ. Color code size for searching displays of different density. Human Factors, 1976; 18(3):273-280.
34. Christ RE. Review and analysis of color coding research for visual displays. Human Factors, 1975; 17(6):542-570.
35. Cleveland WS, McGill R. Graphical perception and graphical methods for analyzing scientific data. Science, 1985; 229:828-833.
36. Shneiderman B. Designing the User Interface. Reading, MA: Addison-Wesley, 1992.
37. Wickens CD. Engineering Psychology and Human Performance (2nd Ed). New York: HarperCollins, 1992.
38. Christ RE. Research for evaluating visual display codes: An emphasis on colour coding. Pp. 209-228 in Easterby R, Zwaga H (eds). Information Design: The Design and Evaluation of Signs and Printed Material. Chichester: John Wiley and Sons, 1984.
39. Jubis RMT. Coding effects on performance in a process control task with uniparameter and multiparameter displays. Human Factors, 1990; 32(3):287-297.
40. Smith L, Thomas D. Color versus shape coding in information displays. Journal of Applied Psychology, 1964; 48(3):137-146.
41. Cavanagh JP. Relationship between the immediate memory span and the memory search rate. Psychological Review, 1972; 79:525-530.
42. Schneider W, Shiffren RM. Controlled and automatic human information processing I: Detection, search, and attention. Psychological Review, 1977; 84:1-66.
43. Tan KC. Effects of Stimulus Class on Short-Term Memory Workload in Complex Information Displays [disseration]. Virginia Technical University, 1990.
44. Bhattacharyya GK, Johnson RA. Statistical Concepts and Methods. New York: John Wiley & Sons, 1977.
45. Siegel S, Castellan J. Non-Parametric Statistics for the Behavioural Sciences (2nd Ed). New York: McGraw-Hill International Editions, 1988.
46. SPSS Statistics. Available from:, Accessed September 24, 2010.
47. Cohen J. Statistical Power Analysis for the Behavioral Sciences (2nd Ed). New York: Psychology Press Taylor & Francis Group, 1988.
48. Hogganvik I, Stølen K. A graphical approach to risk identification, motivated by empirical investigations. Pp. 574-588 in Proceedings of the 9th International Conference on Model Driven Engineering Languages and Systems (MoDELS'06). Springer, 2006. (Lecture Notes in Computer Science; vol. 4199).
49. Lund MS, Solhaug B, Stølen K. Model-driven risk analysis. In The CORAS Approach. Berlin/Heidelberg: Springer, 2011.