A normative decision-making model for cyber security. (11th November 2019)
- Record Type:
- Journal Article
- Title:
- A normative decision-making model for cyber security. (11th November 2019)
- Main Title:
- A normative decision-making model for cyber security
- Authors:
- M'manga, Andrew
Faily, Shamal
McAlaney, John
Williams, Chris
Kadobayashi, Youki
Miyamoto, Daisuke - Abstract:
- Abstract : Purpose: The purpose of this paper is to investigate security decision-making during risk and uncertain conditions and to propose a normative model capable of tracing the decision rationale. Design/methodology/approach: The proposed risk rationalisation model is grounded in literature and studies on security analysts' activities. The model design was inspired by established awareness models including the situation awareness and observe–orient–decide–act (OODA). Model validation was conducted using cognitive walkthroughs with security analysts. Findings: The results indicate that the model may adequately be used to elicit the rationale or provide traceability for security decision-making. The results also illustrate how the model may be applied to facilitate design for security decision makers. Research limitations/implications: The proof of concept is based on a hypothetical risk scenario. Further studies could investigate the model's application in actual scenarios. Originality/value: The paper proposes a novel approach to tracing the rationale behind security decision-making during risk and uncertain conditions. The research also illustrates techniques for adapting decision-making models to inform system design.
- Is Part Of:
- Information and computer security. Volume 29:Number 5(2021)
- Journal:
- Information and computer security
- Issue:
- Volume 29:Number 5(2021)
- Issue Display:
- Volume 29, Issue 5 (2021)
- Year:
- 2021
- Volume:
- 29
- Issue:
- 5
- Issue Sort Value:
- 2021-0029-0005-0000
- Page Start:
- 636
- Page End:
- 646
- Publication Date:
- 2019-11-11
- Subjects:
- Uncertainty -- Decision-making -- Risk analysis -- Perception -- Security -- Awareness -- Rationalisation -- Normative
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47 - Journal URLs:
- http://www.emeraldinsight.com/loi/ics ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/ICS-01-2019-0021 ↗
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 18207.xml