Technical Work Packages (WPs) in the SECONOMICS project have developed a series of
theoretical frameworks and models applicable to various infrastructure sectors. While this
theoretical approach can provide stakeholders with a general idea for designing and developing
appropriate security strategies and policies, it might not be able to offer sufficiently
practical information on the effectiveness of a security measure, strategy or policy, and to
guarantee the validity. In order to attest validity and practicality of the theoretical models developed
in the technical WPs, it is necessary to consider ways of complementing the models
based on empirical approach.
D6.3 therefore aims at providing a discussion on an array of methodologies able to overcome
the shortcomings in the theoretical models and circumvent issues related to the lack
of market-driven data. In particular, we discuss the experimental methodologies for the systematization
of exploration of the security measures, strategies and policies, and provide
detailed information on experimental frameworks used for evaluating various security measures
and policies tackled in the three case study WPs.
In Section 2, we discuss various quantitative and qualitative experimental methods that
have been and can be used to complement the models and frameworks developed in the
technical WPs. The proposed experimental methodologies include comparative statics,
workshops (semi-structured interviews and focus groups), controlled experiments, casecontrol
studies and media analysis.
Section 3 illustrates how different experimental methodologies have been and can be applied
to complement theoretical models developed for the three SECONOMICS case studies.
We focus particularly on presenting various applications of experimental methods for a specific
case study. Furthermore, the section explores how an experimental method has been
implemented for analysing regulatory frameworks from a cross-domain perspective.
Section 4 presents a way to employ an experimental method for evaluating impact of
future and emerging threats and developing desirable policy strategies and instruments for
such threats. We propose in particular to use sensitivity analysis to assess the impacts
caused by emerging threats and compare resilience and sustainability of different security
system designs.
Section 5 concludes the document. Particularly, we propose to employ a wide set of
experimental methods to complement and evaluate security frameworks and models, since a
single experimental method cannot explore and analyse all research frameworks and models
developed in the SECONOMICS project.
The annexes have three research papers that focus on the application of the experimental
methods. ANNEX1 shows how socially optimal regulatory rules can be identified using comparative
statics. ANNEX2 attempts to analyse emerging cyber-threats using cross-domain
application explained in Section 3. ANNEX3 compares different methods for security risk
assessment using a controlled experiment.