An Evidence Quality Assessment Model for Cyber Security Policymaking

Hussain, Atif; Shaikh, Siraj Ahmed; Chung, Alex; Dawda, Sneha; Carr, Madeline

doi:10.1007/978-3-030-04537-1_2

Cited by 2 publications

(2 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cybersecurity is "viewed as a niche technical subject requiring a computer science degree just to grapple with its impenetrable jargon" [5]. While technical command of cybersecurity is an acknowledged issue amongst boards [9], policymakers [10], and public [11], it is inadequate measure of effectiveness of cybersecurity games as it overlooks a key factor: decision-making.…”

Section: Research Contributionsmentioning

confidence: 99%

“…During game-play, information from a wide range of sources is provided to participants, which is a scenario inject. This can include supporting cybersecurity evidence such as technical advisory, media items, non-confidential government or agency reports, confidential intelligence briefing, industry analysis and academic research [10]. Scenario injects can have certain characteristics such as time pressure, escalation, reputation and resource allocation, which challenges decision-making, and are shown in Figure 2.…”

Section: Scenario Injectsmentioning

confidence: 99%

See 1 more Smart Citation

Games for Cybersecurity Decision-Making

Hussain

Kuhn

Shaikh

2020

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Decision-makers are often confronted with cybersecurity challenges, which they may not fully comprehend but nonetheless need to critically address. Efficient preparation through cybersecurity games has become an invaluable tool to better prepare strategy and response to cyber incidents. Such games offer the potential for capacity building of decision-makers through a controlled environment, often presenting hypothetical scenarios that are designed to invoke discussion, while decision-making skills are put to the test. While games are acknowledged to be an effective method for such situations, many rely on technical capabilities to address these challenges. However, a key challenge is to understand the factors that influence cybersecurity decision-making. Further, game effectiveness for developing these skills is often not validated. This paper surveys cybersecurity games and compiles a data-set of 46 games to investigate how effective cybersecurity games are for assessing decision-making skills, and determines the state-of-the-art game. Through critical review and analysis of the data-set, a criteria to assess games for decision-making skills is presented. Furthermore, the criteria is applied to ten games, which determined Cyber 9/12 to be the state-of-the-art cybersecurity game for decision-making. The paper concludes with insights into how the assessment criteria can support the development of better decision-making skills through games.

show abstract

Section: Research Contributionsmentioning

confidence: 99%

Section: Scenario Injectsmentioning

confidence: 99%