2020
DOI: 10.1145/3419101

“So if Mr Blue Head here clicks the link...” Risk Thinking in Cyber Security Decision Making

Abstract: Cyber security decision making is inherently complicated, with nearly every decision having knock-on consequences for an organisation’s vulnerability and exposure. This is further compounded by the fact that decision-making actors are rarely security experts and may have an incomplete understanding of the security that the organisation currently has in place. They must contend with a multitude of possible security options that they may only partially understand. This challenge is met by decision makers’ …

Cited by 6 publications
(5 citation statements)
References 36 publications
“…Risk management: Between calculation and anticipation. Understanding risk management in critical infrastructures is a multifaceted issue of both qualitative and quantitative nature (Shreeve et al 2020). Despite the rise of rule-based and probabilistic risk methodologies, for example, attack trees, attribute-based algorithms (Tatam et al, 2021), security risk is 'incalculable' since there are limits of what could be inferred from scientific data (Amoore, 2014: 424).…”
Section: Theoretical Framework (mentioning)
confidence: 99%
“…Previous risk studies embedded in the critical infrastructure context highlighted that risk assessments are collaborative processes, rather than a matter of following a formal methodology (Frey et al, 2019; Shreeve et al, 2020). In doing so, they challenge the trope of 'security expertise' being solely a technical and individual matter.…”
Section: Theoretical Framework (mentioning)
confidence: 99%
“…Further expanding these concerns, researchers have examined how applicable the established concepts of safety, reliability, and resilience are to the quick growing cyber security realm [17]. Other investigations have been performed to clearly outline the need for "decision-making actors" to be security experts due to the complexity of risk decision making [24], and some focus on how the mathematics and politics of risk clash in the realm of cyber security [2]. Work has been done by [38] to establish a meaningful monetary metric behind a risk-based approach for network architecture security modeling and design.…”
Section: Introduction (mentioning)
confidence: 99%