Risk Management and Information Assurance Decision Support
dc.contributor.author | Hibshi, Hanan | |
dc.contributor.author | Breaux, Travis D. | |
dc.contributor.corporate | Acquisition Research Program (ARP) | |
dc.date.accessioned | 2019-08-27T18:36:50Z | |
dc.date.available | 2019-08-27T18:36:50Z | |
dc.date.issued | 2019-04-30 | |
dc.description.abstract | Like any organization, the DoD still relies on security analysts who can ensure that security requirements are satisfied. Relying on one expert’s opinion can be risky, because the degree of uncertainty involved in a single person’s decision could increase with time, memory failure, or inexperience. In previous work, we introduced the multifactor quality measurement method (MQM) where we reduce this risk by collecting security ratings from multiple experts with documented expertise in specific technical areas of cybersecurity. The next step is to automate the scenario generation where less experienced IT personnel can create scenarios that correspond to their own system architecture using our tool. The automation allows one to crowdsource security assessments from experts. The tool will collect and analyze the expert ratings and return the results to the original requestor. In this paper, we propose our designed prototype for the tool and we share the results of evaluating the prototype on 30 students who are completing a master’s degree in cybersecurity at Carnegie Mellon University. Based on the qualitative and usability analysis of responses, our proposed method is shown effective in systematic scenario elicitation. Participants had a 100% task completion rate with 57% of participants achieving complete task-success, and the remaining 43% of participants achieving partial task-success. Finally, we discuss our findings and future directions for this research in systematic scenario elicitation. | en_US |
dc.description.sponsorship | Naval Postgraduate School Acquisition Research Program | en_US |
dc.identifier.npsreport | SYM-AM-19-056 | |
dc.identifier.uri | https://hdl.handle.net/10945/62895 | |
dc.publisher | Monterey, California. Naval Postgraduate School | en_US |
dc.relation.ispartofseries | Acquisition Research Symposium | |
dc.rights | This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States. | en_US |
dc.title | Risk Management and Information Assurance Decision Support | en_US |
dc.type | Report | en_US |
dspace.entity.type | Publication | |
relation.isOrgUnitOfPublication | bc7988c8-57ff-485c-9348-877f4ef91f4e | |
relation.isOrgUnitOfPublication.latestForDiscovery | bc7988c8-57ff-485c-9348-877f4ef91f4e | |
relation.isSeriesOfPublication | e652aa3b-f22b-4814-8e9d-6391f82531e0 | |
relation.isSeriesOfPublication.latestForDiscovery | e652aa3b-f22b-4814-8e9d-6391f82531e0 |