A normative decision-making model for cyber security


Publisher: Emerald Publishing
Copyright: © Emerald Publishing Limited
ISSN: 2056-4961
DOI: 10.1108/ics-01-2019-0021

Abstract

The purpose of this paper is to investigate security decision-making during risk and uncertain conditions and to propose a normative model capable of tracing the decision rationale.

Design/methodology/approach: The proposed risk rationalisation model is grounded in literature and studies on security analysts’ activities. The model design was inspired by established awareness models including the situation awareness and observe–orient–decide–act (OODA). Model validation was conducted using cognitive walkthroughs with security analysts.

Findings: The results indicate that the model may adequately be used to elicit the rationale or provide traceability for security decision-making. The results also illustrate how the model may be applied to facilitate design for security decision makers.

Research limitations/implications: The proof of concept is based on a hypothetical risk scenario. Further studies could investigate the model’s application in actual scenarios.

Originality/value: The paper proposes a novel approach to tracing the rationale behind security decision-making during risk and uncertain conditions. The research also illustrates techniques for adapting decision-making models to inform system design.

Journal

Information and Computer Security, Emerald Publishing

Published: Oct 23, 2019

Keywords: Uncertainty; Decision-making; Risk analysis; Perception; Security; Awareness; Rationalisation; Normative
