Purpose: The purpose of this paper is to investigate security decision-making during risk and uncertain conditions and to propose a normative model capable of tracing the decision rationale.

Design/methodology/approach: The proposed risk rationalisation model is grounded in literature and studies on security analysts’ activities. The model design was inspired by established awareness models including the situation awareness and observe–orient–decide–act (OODA). Model validation was conducted using cognitive walkthroughs with security analysts.

Findings: The results indicate that the model may adequately be used to elicit the rationale or provide traceability for security decision-making. The results also illustrate how the model may be applied to facilitate design for security decision makers.

Research limitations/implications: The proof of concept is based on a hypothetical risk scenario. Further studies could investigate the model’s application in actual scenarios.

Originality/value: The paper proposes a novel approach to tracing the rationale behind security decision-making during risk and uncertain conditions. The research also illustrates techniques for adapting decision-making models to inform system design.
Information and Computer Security – Emerald Publishing
Published: Oct 23, 2019
Keywords: Uncertainty; Decision-making; Risk analysis; Perception; Security; Awareness; Rationalisation; Normative