Exploring how Component Factors and their Uncertainty Affect Judgements of Risk in Cyber-Security
Subjective judgements from experts provide essential information when assessing and modelling threats in respect to cyber-physical systems. For example, the vulnerability of individual system components can be described using multiple factors, such as complexity, technological maturity, and the avai...
Gespeichert in:
Veröffentlicht in: | arXiv.org 2019-09 |
---|---|
Hauptverfasser: | , , , |
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
container_end_page | |
---|---|
container_issue | |
container_start_page | |
container_title | arXiv.org |
container_volume | |
creator | Ellerby, Zack McCulloch, Josie Wilson, Melanie Wagner, Christian |
description | Subjective judgements from experts provide essential information when assessing and modelling threats in respect to cyber-physical systems. For example, the vulnerability of individual system components can be described using multiple factors, such as complexity, technological maturity, and the availability of tools to aid an attack. Such information is useful for determining attack risk, but much of it is challenging to acquire automatically and instead must be collected through expert assessments. However, most experts inherently carry some degree of uncertainty in their assessments. For example, it is impossible to be certain precisely how many tools are available to aid an attack. Traditional methods of capturing subjective judgements through choices such as \emph{high}, \emph{medium} or \emph{low} do not enable experts to quantify their uncertainty. However, it is important to measure the range of uncertainty surrounding responses in order to appropriately inform system vulnerability analysis. We use a recently introduced interval-valued response-format to capture uncertainty in experts' judgements and employ inferential statistical approaches to analyse the data. We identify key attributes that contribute to hop vulnerability in cyber-systems and demonstrate the value of capturing the uncertainty around these attributes. We find that this uncertainty is not only predictive of uncertainty in the overall vulnerability of a given system component, but also significantly informs ratings of overall component vulnerability itself. We propose that these methods and associated insights can be employed in real world situations, including vulnerability assessments of cyber-physical systems, which are becoming increasingly complex and integrated into society, making them particularly susceptible to uncertainty in assessment. |
format | Article |
fullrecord | <record><control><sourceid>proquest</sourceid><recordid>TN_cdi_proquest_journals_2300423881</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2300423881</sourcerecordid><originalsourceid>FETCH-proquest_journals_23004238813</originalsourceid><addsrcrecordid>eNqNyr0OgjAUQOHGxESivMNNnElKC8pqCMQ4-jObChcoQottifL2MvgATmc434J4jPMwSCLGVsS3tqWUst2exTH3iMg-Q6eNVDU0-g2p7getUDnIReG0sSBUCa5BaeCmCjROSOUmOFQVFg5OY1ljP3MLuoKztE-QCtLpgSa4YDEa6aYNWVais-j_uibbPLumx2Aw-jWidfdWj0bN6844pRHjSRLy_9QXRG5FMg</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2300423881</pqid></control><display><type>article</type><title>Exploring how Component Factors and their Uncertainty Affect Judgements of Risk in Cyber-Security</title><source>Free E- Journals</source><creator>Ellerby, Zack ; McCulloch, Josie ; Wilson, Melanie ; Wagner, Christian</creator><creatorcontrib>Ellerby, Zack ; McCulloch, Josie ; Wilson, Melanie ; Wagner, Christian</creatorcontrib><description>Subjective judgements from experts provide essential information when assessing and modelling threats in respect to cyber-physical systems. For example, the vulnerability of individual system components can be described using multiple factors, such as complexity, technological maturity, and the availability of tools to aid an attack. Such information is useful for determining attack risk, but much of it is challenging to acquire automatically and instead must be collected through expert assessments. However, most experts inherently carry some degree of uncertainty in their assessments. For example, it is impossible to be certain precisely how many tools are available to aid an attack. Traditional methods of capturing subjective judgements through choices such as \emph{high}, \emph{medium} or \emph{low} do not enable experts to quantify their uncertainty. However, it is important to measure the range of uncertainty surrounding responses in order to appropriately inform system vulnerability analysis. We use a recently introduced interval-valued response-format to capture uncertainty in experts' judgements and employ inferential statistical approaches to analyse the data. We identify key attributes that contribute to hop vulnerability in cyber-systems and demonstrate the value of capturing the uncertainty around these attributes. We find that this uncertainty is not only predictive of uncertainty in the overall vulnerability of a given system component, but also significantly informs ratings of overall component vulnerability itself. We propose that these methods and associated insights can be employed in real world situations, including vulnerability assessments of cyber-physical systems, which are becoming increasingly complex and integrated into society, making them particularly susceptible to uncertainty in assessment.</description><identifier>EISSN: 2331-8422</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Complexity ; Cyber-physical systems ; Cybersecurity ; Experts ; Risk assessment ; Threat evaluation ; Uncertainty</subject><ispartof>arXiv.org, 2019-09</ispartof><rights>2019. This work is published under http://arxiv.org/licenses/nonexclusive-distrib/1.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>780,784</link.rule.ids></links><search><creatorcontrib>Ellerby, Zack</creatorcontrib><creatorcontrib>McCulloch, Josie</creatorcontrib><creatorcontrib>Wilson, Melanie</creatorcontrib><creatorcontrib>Wagner, Christian</creatorcontrib><title>Exploring how Component Factors and their Uncertainty Affect Judgements of Risk in Cyber-Security</title><title>arXiv.org</title><description>Subjective judgements from experts provide essential information when assessing and modelling threats in respect to cyber-physical systems. For example, the vulnerability of individual system components can be described using multiple factors, such as complexity, technological maturity, and the availability of tools to aid an attack. Such information is useful for determining attack risk, but much of it is challenging to acquire automatically and instead must be collected through expert assessments. However, most experts inherently carry some degree of uncertainty in their assessments. For example, it is impossible to be certain precisely how many tools are available to aid an attack. Traditional methods of capturing subjective judgements through choices such as \emph{high}, \emph{medium} or \emph{low} do not enable experts to quantify their uncertainty. However, it is important to measure the range of uncertainty surrounding responses in order to appropriately inform system vulnerability analysis. We use a recently introduced interval-valued response-format to capture uncertainty in experts' judgements and employ inferential statistical approaches to analyse the data. We identify key attributes that contribute to hop vulnerability in cyber-systems and demonstrate the value of capturing the uncertainty around these attributes. We find that this uncertainty is not only predictive of uncertainty in the overall vulnerability of a given system component, but also significantly informs ratings of overall component vulnerability itself. We propose that these methods and associated insights can be employed in real world situations, including vulnerability assessments of cyber-physical systems, which are becoming increasingly complex and integrated into society, making them particularly susceptible to uncertainty in assessment.</description><subject>Complexity</subject><subject>Cyber-physical systems</subject><subject>Cybersecurity</subject><subject>Experts</subject><subject>Risk assessment</subject><subject>Threat evaluation</subject><subject>Uncertainty</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2019</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><recordid>eNqNyr0OgjAUQOHGxESivMNNnElKC8pqCMQ4-jObChcoQottifL2MvgATmc434J4jPMwSCLGVsS3tqWUst2exTH3iMg-Q6eNVDU0-g2p7getUDnIReG0sSBUCa5BaeCmCjROSOUmOFQVFg5OY1ljP3MLuoKztE-QCtLpgSa4YDEa6aYNWVais-j_uibbPLumx2Aw-jWidfdWj0bN6844pRHjSRLy_9QXRG5FMg</recordid><startdate>20190930</startdate><enddate>20190930</enddate><creator>Ellerby, Zack</creator><creator>McCulloch, Josie</creator><creator>Wilson, Melanie</creator><creator>Wagner, Christian</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope></search><sort><creationdate>20190930</creationdate><title>Exploring how Component Factors and their Uncertainty Affect Judgements of Risk in Cyber-Security</title><author>Ellerby, Zack ; McCulloch, Josie ; Wilson, Melanie ; Wagner, Christian</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-proquest_journals_23004238813</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2019</creationdate><topic>Complexity</topic><topic>Cyber-physical systems</topic><topic>Cybersecurity</topic><topic>Experts</topic><topic>Risk assessment</topic><topic>Threat evaluation</topic><topic>Uncertainty</topic><toplevel>online_resources</toplevel><creatorcontrib>Ellerby, Zack</creatorcontrib><creatorcontrib>McCulloch, Josie</creatorcontrib><creatorcontrib>Wilson, Melanie</creatorcontrib><creatorcontrib>Wagner, Christian</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science & Engineering Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Access via ProQuest (Open Access)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Ellerby, Zack</au><au>McCulloch, Josie</au><au>Wilson, Melanie</au><au>Wagner, Christian</au><format>book</format><genre>document</genre><ristype>GEN</ristype><atitle>Exploring how Component Factors and their Uncertainty Affect Judgements of Risk in Cyber-Security</atitle><jtitle>arXiv.org</jtitle><date>2019-09-30</date><risdate>2019</risdate><eissn>2331-8422</eissn><abstract>Subjective judgements from experts provide essential information when assessing and modelling threats in respect to cyber-physical systems. For example, the vulnerability of individual system components can be described using multiple factors, such as complexity, technological maturity, and the availability of tools to aid an attack. Such information is useful for determining attack risk, but much of it is challenging to acquire automatically and instead must be collected through expert assessments. However, most experts inherently carry some degree of uncertainty in their assessments. For example, it is impossible to be certain precisely how many tools are available to aid an attack. Traditional methods of capturing subjective judgements through choices such as \emph{high}, \emph{medium} or \emph{low} do not enable experts to quantify their uncertainty. However, it is important to measure the range of uncertainty surrounding responses in order to appropriately inform system vulnerability analysis. We use a recently introduced interval-valued response-format to capture uncertainty in experts' judgements and employ inferential statistical approaches to analyse the data. We identify key attributes that contribute to hop vulnerability in cyber-systems and demonstrate the value of capturing the uncertainty around these attributes. We find that this uncertainty is not only predictive of uncertainty in the overall vulnerability of a given system component, but also significantly informs ratings of overall component vulnerability itself. We propose that these methods and associated insights can be employed in real world situations, including vulnerability assessments of cyber-physical systems, which are becoming increasingly complex and integrated into society, making them particularly susceptible to uncertainty in assessment.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><oa>free_for_read</oa></addata></record> |
fulltext | fulltext |
identifier | EISSN: 2331-8422 |
ispartof | arXiv.org, 2019-09 |
issn | 2331-8422 |
language | eng |
recordid | cdi_proquest_journals_2300423881 |
source | Free E- Journals |
subjects | Complexity Cyber-physical systems Cybersecurity Experts Risk assessment Threat evaluation Uncertainty |
title | Exploring how Component Factors and their Uncertainty Affect Judgements of Risk in Cyber-Security |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-23T13%3A02%3A30IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=document&rft.atitle=Exploring%20how%20Component%20Factors%20and%20their%20Uncertainty%20Affect%20Judgements%20of%20Risk%20in%20Cyber-Security&rft.jtitle=arXiv.org&rft.au=Ellerby,%20Zack&rft.date=2019-09-30&rft.eissn=2331-8422&rft_id=info:doi/&rft_dat=%3Cproquest%3E2300423881%3C/proquest%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2300423881&rft_id=info:pmid/&rfr_iscdi=true |