A normative decision-making model for cyber security.
Authors: M'manga, Andrew; Faily, Shamal; McAlaney, John; Williams, Chris; Kadobayashi, Youki; Miyamoto, Daisuke
Abstract
The purpose of this paper is to investigate security decision-making during risk and uncertain conditions, and to propose a normative model capable of tracing the decision rationale. The proposed risk rationalisation model is grounded in literature and studies on security analysts' activities. The model design was inspired by established awareness models, including the situation awareness and observe–orient–decide–act (OODA). Model validation was conducted using cognitive walkthroughs with security analysts. The results indicate that the model may adequately be used to elicit the rationale or provide traceability for security decision-making. The results also illustrate how the model may be applied to facilitate design for security decision makers. The proof of concept is based on a hypothetical risk scenario. Further studies could investigate the model's application in actual scenarios. The paper proposes a novel approach to tracing the rationale behind security decision-making during risk and uncertain conditions. The research also illustrates techniques for adapting decision-making models to inform system design.
Citation
M'MANGA, A., FAILY, S., MCALANEY, J., WILLIAMS, C., KADOBAYASHI, Y. and MIYAMOTO, D. 2019. A normative decision-making model for cyber security. Information and computer security [online], 27(5), pages 636-646. Available from: https://doi.org/10.1108/ICS-01-2019-0021
| Field | Value |
|---|---|
| Journal Article Type | Article |
| Acceptance Date | Mar 21, 2019 |
| Online Publication Date | Jun 17, 2019 |
| Publication Date | Oct 23, 2019 |
| Deposit Date | Sep 16, 2021 |
| Publicly Available Date | Nov 23, 2021 |
| Journal | Information and computer security |
| Print ISSN | 2056-4961 |
| Electronic ISSN | 2056-497X |
| Publisher | Emerald |
| Peer Reviewed | Peer Reviewed |
| Volume | 27 |
| Issue | 5 |
| Pages | 636-646 |
| DOI | https://doi.org/10.1108/ICS-01-2019-0021 |
| Keywords | Uncertainty; Decision-making; Risk analysis; Perception; Security; Awareness; Rationalisation; Normative |
| Public URL | https://rgu-repository.worktribe.com/output/1427731 |
Files
M'MANGA 2019 A normative decision (AAM), PDF (419 Kb)
Publisher Licence URL: https://creativecommons.org/licenses/by-nc/4.0/