Exploring how Component Factors and their Uncertainty Affect Judgements of Risk in Cyber-Security

Subjective judgements from experts provide essential information when assessing and modelling threats in respect to cyber-physical systems. For example, the vulnerability of individual system components can be described using multiple factors, such as complexity, technological maturity, and the avai...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:arXiv.org 2019-09
Hauptverfasser: Ellerby, Zack, McCulloch, Josie, Wilson, Melanie, Wagner, Christian
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title arXiv.org
container_volume
creator Ellerby, Zack
McCulloch, Josie
Wilson, Melanie
Wagner, Christian
description Subjective judgements from experts provide essential information when assessing and modelling threats in respect to cyber-physical systems. For example, the vulnerability of individual system components can be described using multiple factors, such as complexity, technological maturity, and the availability of tools to aid an attack. Such information is useful for determining attack risk, but much of it is challenging to acquire automatically and instead must be collected through expert assessments. However, most experts inherently carry some degree of uncertainty in their assessments. For example, it is impossible to be certain precisely how many tools are available to aid an attack. Traditional methods of capturing subjective judgements through choices such as \emph{high}, \emph{medium} or \emph{low} do not enable experts to quantify their uncertainty. However, it is important to measure the range of uncertainty surrounding responses in order to appropriately inform system vulnerability analysis. We use a recently introduced interval-valued response-format to capture uncertainty in experts' judgements and employ inferential statistical approaches to analyse the data. We identify key attributes that contribute to hop vulnerability in cyber-systems and demonstrate the value of capturing the uncertainty around these attributes. We find that this uncertainty is not only predictive of uncertainty in the overall vulnerability of a given system component, but also significantly informs ratings of overall component vulnerability itself. We propose that these methods and associated insights can be employed in real world situations, including vulnerability assessments of cyber-physical systems, which are becoming increasingly complex and integrated into society, making them particularly susceptible to uncertainty in assessment.
format Article
fullrecord <record><control><sourceid>proquest</sourceid><recordid>TN_cdi_proquest_journals_2300423881</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2300423881</sourcerecordid><originalsourceid>FETCH-proquest_journals_23004238813</originalsourceid><addsrcrecordid>eNqNyr0OgjAUQOHGxESivMNNnElKC8pqCMQ4-jObChcoQottifL2MvgATmc434J4jPMwSCLGVsS3tqWUst2exTH3iMg-Q6eNVDU0-g2p7getUDnIReG0sSBUCa5BaeCmCjROSOUmOFQVFg5OY1ljP3MLuoKztE-QCtLpgSa4YDEa6aYNWVais-j_uibbPLumx2Aw-jWidfdWj0bN6844pRHjSRLy_9QXRG5FMg</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2300423881</pqid></control><display><type>article</type><title>Exploring how Component Factors and their Uncertainty Affect Judgements of Risk in Cyber-Security</title><source>Free E- Journals</source><creator>Ellerby, Zack ; McCulloch, Josie ; Wilson, Melanie ; Wagner, Christian</creator><creatorcontrib>Ellerby, Zack ; McCulloch, Josie ; Wilson, Melanie ; Wagner, Christian</creatorcontrib><description>Subjective judgements from experts provide essential information when assessing and modelling threats in respect to cyber-physical systems. For example, the vulnerability of individual system components can be described using multiple factors, such as complexity, technological maturity, and the availability of tools to aid an attack. Such information is useful for determining attack risk, but much of it is challenging to acquire automatically and instead must be collected through expert assessments. However, most experts inherently carry some degree of uncertainty in their assessments. For example, it is impossible to be certain precisely how many tools are available to aid an attack. Traditional methods of capturing subjective judgements through choices such as \emph{high}, \emph{medium} or \emph{low} do not enable experts to quantify their uncertainty. However, it is important to measure the range of uncertainty surrounding responses in order to appropriately inform system vulnerability analysis. We use a recently introduced interval-valued response-format to capture uncertainty in experts' judgements and employ inferential statistical approaches to analyse the data. We identify key attributes that contribute to hop vulnerability in cyber-systems and demonstrate the value of capturing the uncertainty around these attributes. We find that this uncertainty is not only predictive of uncertainty in the overall vulnerability of a given system component, but also significantly informs ratings of overall component vulnerability itself. We propose that these methods and associated insights can be employed in real world situations, including vulnerability assessments of cyber-physical systems, which are becoming increasingly complex and integrated into society, making them particularly susceptible to uncertainty in assessment.</description><identifier>EISSN: 2331-8422</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Complexity ; Cyber-physical systems ; Cybersecurity ; Experts ; Risk assessment ; Threat evaluation ; Uncertainty</subject><ispartof>arXiv.org, 2019-09</ispartof><rights>2019. This work is published under http://arxiv.org/licenses/nonexclusive-distrib/1.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>780,784</link.rule.ids></links><search><creatorcontrib>Ellerby, Zack</creatorcontrib><creatorcontrib>McCulloch, Josie</creatorcontrib><creatorcontrib>Wilson, Melanie</creatorcontrib><creatorcontrib>Wagner, Christian</creatorcontrib><title>Exploring how Component Factors and their Uncertainty Affect Judgements of Risk in Cyber-Security</title><title>arXiv.org</title><description>Subjective judgements from experts provide essential information when assessing and modelling threats in respect to cyber-physical systems. For example, the vulnerability of individual system components can be described using multiple factors, such as complexity, technological maturity, and the availability of tools to aid an attack. Such information is useful for determining attack risk, but much of it is challenging to acquire automatically and instead must be collected through expert assessments. However, most experts inherently carry some degree of uncertainty in their assessments. For example, it is impossible to be certain precisely how many tools are available to aid an attack. Traditional methods of capturing subjective judgements through choices such as \emph{high}, \emph{medium} or \emph{low} do not enable experts to quantify their uncertainty. However, it is important to measure the range of uncertainty surrounding responses in order to appropriately inform system vulnerability analysis. We use a recently introduced interval-valued response-format to capture uncertainty in experts' judgements and employ inferential statistical approaches to analyse the data. We identify key attributes that contribute to hop vulnerability in cyber-systems and demonstrate the value of capturing the uncertainty around these attributes. We find that this uncertainty is not only predictive of uncertainty in the overall vulnerability of a given system component, but also significantly informs ratings of overall component vulnerability itself. We propose that these methods and associated insights can be employed in real world situations, including vulnerability assessments of cyber-physical systems, which are becoming increasingly complex and integrated into society, making them particularly susceptible to uncertainty in assessment.</description><subject>Complexity</subject><subject>Cyber-physical systems</subject><subject>Cybersecurity</subject><subject>Experts</subject><subject>Risk assessment</subject><subject>Threat evaluation</subject><subject>Uncertainty</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2019</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><recordid>eNqNyr0OgjAUQOHGxESivMNNnElKC8pqCMQ4-jObChcoQottifL2MvgATmc434J4jPMwSCLGVsS3tqWUst2exTH3iMg-Q6eNVDU0-g2p7getUDnIReG0sSBUCa5BaeCmCjROSOUmOFQVFg5OY1ljP3MLuoKztE-QCtLpgSa4YDEa6aYNWVais-j_uibbPLumx2Aw-jWidfdWj0bN6844pRHjSRLy_9QXRG5FMg</recordid><startdate>20190930</startdate><enddate>20190930</enddate><creator>Ellerby, Zack</creator><creator>McCulloch, Josie</creator><creator>Wilson, Melanie</creator><creator>Wagner, Christian</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope></search><sort><creationdate>20190930</creationdate><title>Exploring how Component Factors and their Uncertainty Affect Judgements of Risk in Cyber-Security</title><author>Ellerby, Zack ; McCulloch, Josie ; Wilson, Melanie ; Wagner, Christian</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-proquest_journals_23004238813</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2019</creationdate><topic>Complexity</topic><topic>Cyber-physical systems</topic><topic>Cybersecurity</topic><topic>Experts</topic><topic>Risk assessment</topic><topic>Threat evaluation</topic><topic>Uncertainty</topic><toplevel>online_resources</toplevel><creatorcontrib>Ellerby, Zack</creatorcontrib><creatorcontrib>McCulloch, Josie</creatorcontrib><creatorcontrib>Wilson, Melanie</creatorcontrib><creatorcontrib>Wagner, Christian</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science &amp; Engineering Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Access via ProQuest (Open Access)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Ellerby, Zack</au><au>McCulloch, Josie</au><au>Wilson, Melanie</au><au>Wagner, Christian</au><format>book</format><genre>document</genre><ristype>GEN</ristype><atitle>Exploring how Component Factors and their Uncertainty Affect Judgements of Risk in Cyber-Security</atitle><jtitle>arXiv.org</jtitle><date>2019-09-30</date><risdate>2019</risdate><eissn>2331-8422</eissn><abstract>Subjective judgements from experts provide essential information when assessing and modelling threats in respect to cyber-physical systems. For example, the vulnerability of individual system components can be described using multiple factors, such as complexity, technological maturity, and the availability of tools to aid an attack. Such information is useful for determining attack risk, but much of it is challenging to acquire automatically and instead must be collected through expert assessments. However, most experts inherently carry some degree of uncertainty in their assessments. For example, it is impossible to be certain precisely how many tools are available to aid an attack. Traditional methods of capturing subjective judgements through choices such as \emph{high}, \emph{medium} or \emph{low} do not enable experts to quantify their uncertainty. However, it is important to measure the range of uncertainty surrounding responses in order to appropriately inform system vulnerability analysis. We use a recently introduced interval-valued response-format to capture uncertainty in experts' judgements and employ inferential statistical approaches to analyse the data. We identify key attributes that contribute to hop vulnerability in cyber-systems and demonstrate the value of capturing the uncertainty around these attributes. We find that this uncertainty is not only predictive of uncertainty in the overall vulnerability of a given system component, but also significantly informs ratings of overall component vulnerability itself. We propose that these methods and associated insights can be employed in real world situations, including vulnerability assessments of cyber-physical systems, which are becoming increasingly complex and integrated into society, making them particularly susceptible to uncertainty in assessment.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2019-09
issn 2331-8422
language eng
recordid cdi_proquest_journals_2300423881
source Free E- Journals
subjects Complexity
Cyber-physical systems
Cybersecurity
Experts
Risk assessment
Threat evaluation
Uncertainty
title Exploring how Component Factors and their Uncertainty Affect Judgements of Risk in Cyber-Security
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-23T13%3A02%3A30IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=document&rft.atitle=Exploring%20how%20Component%20Factors%20and%20their%20Uncertainty%20Affect%20Judgements%20of%20Risk%20in%20Cyber-Security&rft.jtitle=arXiv.org&rft.au=Ellerby,%20Zack&rft.date=2019-09-30&rft.eissn=2331-8422&rft_id=info:doi/&rft_dat=%3Cproquest%3E2300423881%3C/proquest%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2300423881&rft_id=info:pmid/&rfr_iscdi=true