{"id":1886,"date":"2024-11-21T15:50:29","date_gmt":"2024-11-21T20:50:29","guid":{"rendered":"https:\/\/carleton.ca\/cybersea\/?p=1886"},"modified":"2026-01-26T10:41:49","modified_gmt":"2026-01-26T15:41:49","slug":"new-publication-im-getting-information-that-i-can-act-on-now-exploring-the-level-of-actionable-information-in-tool-generated-threat-reports","status":"publish","type":"post","link":"https:\/\/carleton.ca\/cybersea\/2024\/new-publication-im-getting-information-that-i-can-act-on-now-exploring-the-level-of-actionable-information-in-tool-generated-threat-reports\/","title":{"rendered":"New Publication: &#8220;I&#8217;m Getting Information that I Can Act on Now&#8221;: Exploring the Level of Actionable Information in Tool-generated Threat Reports"},"content":{"rendered":"\n<section class=\"w-screen px-6 cu-section cu-section--white ml-offset-center md:px-8 lg:px-14\">\n    <div class=\"space-y-6 cu-max-w-child-5xl  md:space-y-10 cu-prose-first-last\">\n\n            <div class=\"cu-textmedia flex flex-col lg:flex-row mx-auto gap-6 md:gap-10 my-6 md:my-12 first:mt-0 max-w-5xl\">\n        <div class=\"justify-start cu-textmedia-content cu-prose-first-last\" style=\"flex: 0 0 100%;\">\n            <header class=\"font-light prose-xl cu-pageheader md:prose-2xl cu-component-updated cu-prose-first-last\">\n                \n                                \n                            <\/header>\n\n                    <\/div>\n\n            <\/div>\n\n    <\/div>\n<\/section>\n\n<p>Our publication &#8220;<a href=\"https:\/\/dl.acm.org\/doi\/10.1145\/3688459.3688467\">&#8220;I&#8217;m Getting Information that I Can Act on Now&#8221;: Exploring the Level of Actionable Information in Tool-generated Threat Reports<\/a>&#8221; is now online. Existing threat modeling tools have been investigated primarily for their functionality and features but not for the contents that they automatically generate, i.e., threat reports. This paper presents the first study focusing on threat reports; we explore what users consider as \u201cactionable information\u201d in such reports, and assess how well threat reports support users in taking action to address identified threats. Based on our analysis, we found that users consider information detailing threats and mitigation suggestions to be directly actionable, and they consider a threat prioritization scheme and statistical overview of insights as supplementary actionable information. We also assess the level of actionable information present in existing threat reports and outline why the current reports lack adequate coverage of actionable information necessary to make decisions with high confidence. To address the identified shortcomings and satisfy user needs, we provide recommendations for improving the state of threat reports in existing and emerging threat modeling tools. This paper was presented at the <a href=\"https:\/\/eurousec24.kau.se\/\">2024 European Symposium on Usable Security<\/a> in September 2024. See <a href=\"https:\/\/carleton.ca\/cybersea\/publications\/\">Publications<\/a> for more details!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Our publication &#8220;&#8220;I&#8217;m Getting Information that I Can Act on Now&#8221;: Exploring the Level of Actionable Information in Tool-generated Threat Reports&#8221; is now online. Existing threat modeling tools have been investigated primarily for their functionality and features but not for the contents that they automatically generate, i.e., threat reports. This paper presents the first study [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":431,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[41],"tags":[],"class_list":["post-1886","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-publication"],"acf":{"cu_post_thumbnail":""},"_links":{"self":[{"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/posts\/1886","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/comments?post=1886"}],"version-history":[{"count":3,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/posts\/1886\/revisions"}],"predecessor-version":[{"id":1889,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/posts\/1886\/revisions\/1889"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/media\/431"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/media?parent=1886"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/categories?post=1886"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/carleton.ca\/cybersea\/wp-json\/wp\/v2\/tags?post=1886"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}