Andrew M'manga scite author profile

Purpose The purpose of this paper is to investigate security decision-making during risk and uncertain conditions and to propose a normative model capable of tracing the decision rationale. Design/methodology/approach The proposed risk rationalisation model is grounded in literature and studies on security analysts’ activities. The model design was inspired by established awareness models including the situation awareness and observe–orient–decide–act (OODA). Model validation was conducted using cognitive walkthroughs with security analysts. Findings The results indicate that the model may adequately be used to elicit the rationale or provide traceability for security decision-making. The results also illustrate how the model may be applied to facilitate design for security decision makers. Research limitations/implications The proof of concept is based on a hypothetical risk scenario. Further studies could investigate the model’s application in actual scenarios. Originality/value The paper proposes a novel approach to tracing the rationale behind security decision-making during risk and uncertain conditions. The research also illustrates techniques for adapting decision-making models to inform system design.

show abstract

Qualitative Adaptation: Informing Design for Risk-based Decision Making

M'manga

Faily

McAlaney

et al. 2018

View full text Add to dashboard Cite

Research on decision making during risk and uncertainty facilitates risk-based decision making by understanding techniques decision makers use to arrive at informed decisions. Approaches to the research usually involve a mix of cognitive techniques for information discovery and sense-making; these were methodologically not intended to inform design. We detail our experience in applying qualitative techniques to elicit persona characteristics from risk-based decision making data.

show abstract

System design considerations for risk perception

M'manga

Faily

McAlaney

et al. 2017

View full text Add to dashboard Cite

Abstract-The perception of risk is a driver for security analysts' decision making. However, security analysts may have conflicting views of a risk based on personal, system and environmental factors. This difference in perception and opinion, may impact effective decision making. In this paper, we propose a model that highlights areas contributing to the perception of risk in a socio-technical environment and their implication to system design. We validate the model through the use of a hypothetical scenario, which is grounded in both the literature and empirical data.

show abstract

Eliciting Requirements for a Student-focussed Capture The Flag

Szedlak

M'manga

2020

View full text Add to dashboard Cite

The current consensus is that a lack of skilled young persons entering the cyber security industry is contributing significantly to the accrescent cyber security skills gap. However, little progress has been made in terms of handling key contributing factors such as cyber security education. While Capture The Flag (CTF) exercises in cyber security education present some of the necessary requirements, we hypothesise that the current CTF forms do not possess the requirements necessary for promoting student engagement and learning. The paper presents the results of a study aimed at identifying the requirements of a studentfocused CTF.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Andrew M'manga

Gamification of Cyber Security Training - EnsureSecure

A normative decision-making model for cyber security

Qualitative Adaptation: Informing Design for Risk-based Decision Making

System design considerations for risk perception

Eliciting Requirements for a Student-focussed Capture The Flag

Contact Info

Product

Resources

About