While as noted in subchapter 8.4, several symbols might need additional refinement and consideration, proposed unified set of icons could overall be utilized in the subsequent up- date of SRM-related notations and is suggested to be introduced in the refined versions of Secure BPMN, Secure Tropos, Mal-activity Diagrams and Misuse Cases.
Since as of now SRM-extended modelling notations are not supported by CASE tools, it is also proposed to design a universal security risk modelling-related tool with support of both available SRM notations and icons from proposed iconset.
Finally, it should also be noted that proposed introduction of semantically transparent icons is only one of possible approaches to improve the cognitive efficiency of modelling nota- tions. Since the implementation of proposed iconset covers limited number of PoN princi- ples, additional improvements of notational intuitiveness and visual effectiveness could be achieved via ensuring complete compliance to the Physics of Notation guidelines.
59
10 References
Altuhhova, O., Matulevičius, R., & Ahmed, N. (2013). An extension of business process model and notation for security risk management. International Journal of Infor-
mation System Modeling and Design (IJISMD), 4(4), 93–113.
Bertin, J. (1983). Semiology of graphics: diagrams, networks, maps.
Blackwell, A. F. (2006). Ten years of cognitive dimensions in visual languages and com- puting: Guest Editor’s introduction to special issue. Journal of Visual Languages
& Computing, 17(4), 285–287.
Caire, P., Genon, N., Heymans, P., & Moody, D. L. (2013). Visual notation design 2.0: Towards user comprehensible requirements engineering notations. In Require-
ments Engineering Conference (RE), 2013 21st IEEE International (pp. 115–124).
IEEE.
Chowdhury, M., Matulevičius, R., Sindre, G., & Karpati, P. (2012). Aligning mal-activity diagrams and security risk management for security requirements definitions. Re-
quirements Engineering: Foundation for Software Quality, 132–139.
da Silva Teixeira, M. das G., Quirino, G. K., Gailly, F., de Almeida Falbo, R., Guizzardi, G., & Barcellos, M. P. (2016). PoN-S: A Systematic Approach for Applying the Physics of Notation (PoN) (pp. 432–447). Presented at the International Workshop on Business Process Modeling, Development and Support, Springer.
Dagit, J., Lawrance, J., Neumann, C., Burnett, M., Metoyer, R., & Adams, S. (2006). Us- ing cognitive dimensions: advice from the trenches. Journal of Visual Languages
& Computing, 17(4), 302–327.
Dubois, É., Heymans, P., Mayer, N., & Matulevičius, R. (2010). A Systematic Approach to Define the Domain of Information System Security Risk Management. In S. Nurcan, C. Salinesi, C. Souveyet, & J. Ralyté (Eds.), Intentional Perspectives on
Information Systems Engineering (pp. 289–306). Berlin, Heidelberg: Springer Ber-
lin Heidelberg. https://doi.org/10.1007/978-3-642-12544-7_16
El Kouhen, A., Gherbi, A., Dumoulin, C., & Khendek, F. (2015). On the semantic trans- parency of visual notations: experiments with UML. In International SDL Forum (pp. 122–137). Springer.
Fein, R. (2017, October 20). Equifax deserves the corporate death penalty. Retrieved from https://www.wired.com
Genon, N. (2016). Unlocking Diagram Understanding: Empowering End-Users for Se-
mantically Transparent Visual Symbols (PhD Thesis). Université de Namur, Press
universitaire de Namur.
Genon, N., Heymans, P., & Amyot, D. (2010). Analysing the cognitive effectiveness of the BPMN 2.0 visual notation. In International Conference on Software Language
Engineering (pp. 377–396). Springer. Retrieved from
https://link.springer.com/chapter/10.1007/978-3-642-19440-5_25
Goodman, N. (1968). Languages of art: An approach to a theory of symbols. Hackett pub- lishing.
Granada, D., Vara, J. M., Brambilla, M., Bollati, V., & Marcos, E. (2017). Analysing the cognitive effectiveness of the webml visual notation. Software & Systems Model-
ing, 16(1), 195–227.
Green, T. R. (1989). Cognitive dimensions of notations. People and Computers V, 443– 460.
Green, T. R., Blandford, A. E., Church, L., Roast, C. R., & Clarke, S. (2006). Cognitive dimensions: Achievements, new directions, and open questions. Journal of Visual
60
Green, T. R. G., & Petre, M. (1996). Usability analysis of visual programming environ- ments: a ‘cognitive dimensions’ framework. Journal of Visual Languages & Com-
puting, 7(2), 131–174.
Gregor, S. (2006). The nature of theory in information systems. MIS Quarterly, 611–642. Hahn, J., & Kim, J. (1999). Why are some diagrams easier to work with? Effects of dia-
grammatic representation on the cognitive intergration process of systems analysis and design. ACM Transactions on Computer-Human Interaction (TOCHI), 6(3), 181–213.
Howell, W. C., & Fuchs, A. H. (1968). Population stereotypy in code design. Organiza-
tional Behavior and Human Performance, 3(3), 310–339.
Jick, T. D. (1979). Mixing qualitative and quantitative methods: Triangulation in action.
Administrative Science Quarterly, 24(4), 602–611.
Krogstie, J., Sindre, G., & Jørgensen, H. (2006). Process models representing knowledge for action: a revised quality framework. European Journal of Information Systems,
15(1), 91–102.
Leitner, M., Schefer-Wenzl, S., Rinderle-Ma, S., & Strembeck, M. (2013). An Experi- mental Study on the Design and Modeling of Security Concepts in Business Pro- cesses. In PoEM (pp. 236–250). Springer.
Lewis, P. (1992). Rich picture building in the soft systems methodology. European Jour-
nal of Information Systems, 1(5), 351–360.
Lohse, G. L. (1997). The role of working memory on graphical information processing.
Behaviour & Information Technology, 16(6), 297–308.
Maines, C. L., Zhou, B., Tang, S., & Shi, Q. (2017). Towards a Framework for the Exten- sion and Visualisation of Cyber Security Requirements in Modelling Languages (pp. 71–76). Presented at the Developments in eSystems Engineering (DeSE), 2017 10th International Conference on, IEEE.
Matulevičius, R. (2014). Model comprehension and stakeholder appropriateness of secu- rity risk-oriented modelling languages. In Enterprise, Business-Process and Infor-
mation Systems Modeling (pp. 332–347). Springer.
Matulevičius, R. (2017). Fundamentals of Secure System Modelling. Cham: Springer In- ternational Publishing. https://doi.org/10.1007/978-3-319-61717-6
Matulevicius, R., Mouratidis, H., Mayer, N., Dubois, E., & Heymans, P. (2012). Syntactic and semantic extensions to secure tropos to support security risk management. J.
UCS, 18(6), 816–844.
Mayer, N., Heymans, P., & Matulevicius, R. (2007). Design of a Modelling Language for Information System Security Risk Management. (pp. 121–132). Presented at the RCIS.
Moody, D. (2008). Evidence-based Notation Design: Towards a Scientific Basis for Con- structing Visual Notations in Software Engineering. (under review).
Moody, D. (2009a). The “physics” of notations: toward a scientific basis for constructing visual notations in software engineering. IEEE Transactions on Software Engi-
neering, 35(6), 756–779.
Moody, D. (2009b). Theory development in visual language research: Beyond the cogni- tive dimensions of notations (pp. 151–154). Presented at the Visual Languages and Human-Centric Computing, 2009. VL/HCC 2009. IEEE Symposium on, IEEE. Moody, D., Heymans, P., & Matulevičius, R. (2010). Visual syntax does matter: improv-
ing the cognitive effectiveness of the i* visual notation. Requirements Engineering,
61
Moody, D., & van Hillegersberg, J. (2008). Evaluating the visual syntax of UML: An analysis of the cognitive effectiveness of the UML family of diagrams. In Interna-
tional Conference on Software Language Engineering (pp. 16–34). Springer.
Nordbotten, J. C., & Crosby, M. E. (1999). The effect of graphic style on data model inter- pretation. Information Systems Journal, 9(2), 139–155.
Saleh, F., & El-Attar, M. (2015). A scientific evaluation of the misuse case diagrams vis- ual syntax. Information and Software Technology, 66, 73–96.
Siau, K. (2004). Informational and computational equivalence in comparing information modeling methods. Journal of Database Management, 15(1), 73.
Sindre, G., & Opdahl, A. L. (2005). Eliciting security requirements with misuse cases. Re-
quirements Engineering, 10(1), 34–44.
Soomro, I., & Ahmed, N. (2012). Towards Security Risk-Oriented Misuse Cases. In Busi-
ness Process Management Workshops (pp. 689–700).
Van Der Linden, D., & Hadar, I. (2015). Cognitive effectiveness of conceptual modeling languages: Examining professional modelers (pp. 9–12). Presented at the Empirical Requirements Engineering (EmpiRE), 2015 IEEE Fifth International Workshop on, IEEE.
62