Rigorous Validation of Systems Security Engineering Analytics

dc.contributor.author Llanso, Thomas
dc.contributor.author Mcneil, Martha
dc.contributor.author Jamieson, Jessie
dc.date.accessioned 2021-12-24T18:29:13Z
dc.date.available 2021-12-24T18:29:13Z
dc.date.issued 2022-01-04
dc.description.abstract In response to the asymmetric advantage that attackers enjoy over defenders in cyber systems, the cyber community has generated a steady stream of cybersecurity-related frameworks, methodologies, analytics, and “best practices” lists. However, these artifacts almost never under-go rigorous validation of their efficacy but instead tend to be accepted on faith, to, we suggest, our collective detriment based on evidence of continued attacker success. But what would rigorous validation look like, and can we afford it? This paper describes the design and estimates the cost of a controlled experiment whose goal is to deter-mine the effectiveness of an exemplar systems security analytic. Given the significant footprint that humans play in cyber systems (e.g., their design, use, attack, and defense), any such experiment must necessarily take into account and control for variable human behavior. Thus, the paper reinforces the argument that cybersecurity can be understood as a hybrid discipline with strong technical and human dimensions.
dc.format.extent 9 pages
dc.identifier.doi 10.24251/HICSS.2022.910
dc.identifier.isbn 978-0-9981331-5-7
dc.identifier.uri http://hdl.handle.net/10125/80252
dc.language.iso eng
dc.relation.ispartof Proceedings of the 55th Hawaii International Conference on System Sciences
dc.rights Attribution-NonCommercial-NoDerivatives 4.0 International
dc.rights.uri https://creativecommons.org/licenses/by-nc-nd/4.0/
dc.subject Cybersecurity and Software Assurance
dc.subject validation cybersecurity analytics experiment
dc.title Rigorous Validation of Systems Security Engineering Analytics
dc.type.dcmi text
Original bundle
Now showing 1 - 1 of 1
No Thumbnail Available
1 MB
Adobe Portable Document Format