An Evidence Quality Assessment Model for Cybersecurity Policymaking

Atif Hussain, Siraj Shaikh, Alex Chung, Sneha Dawda, Madeline Carr

Research output: Chapter in Book/Report/Conference proceedingChapter

Abstract

One key factor underpinning a state's capacity to respond to policy challenges of cybersecurity is the quality of evidence supporting such decision making. As part of this process, policy advisers, essentially a diverse group including everyone from civil servants to elected policy makers, are asked to assess evidence from a mix of sources. Sometimes with little relevant expertise and often in time-critical scenarios, assessing threat, risk and proportionate response based on a mix of official briefings, academic sources, and industry threat reports is a challenge. The imperative of dealing with such issues in a timely fashion presents novel technical and political challenges for policy advisers. In this paper we present a model to help assess the quality of such evidence. The Evidence Quality Assessment Model (EQAM) is essentially a tool to help assess evidence fitness and credibility for use in such decision making. We illustrate the model with a sample of possible evidence sources to demonstrate how different attributes could be used for a comparison. The ultimate goal here is to help resolve potential conflicts and weigh findings and opinions systematically.
LanguageEnglish
Title of host publicationCritical Infrastructure Protection XII
PublisherSpringer
Pages23-38
Number of pages16
Volume542
ISBN (Electronic)978-3-030-04537-1
ISBN (Print)978-3-030-04536-4
DOIs
StatePublished - 18 Dec 2018
EventTwelfth Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection - SRI International, Arlington, United States
Duration: 12 Mar 201814 Mar 2018
http://www.ifip1110.org/Conferences/

Conference

ConferenceTwelfth Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection
CountryUnited States
CityArlington
Period12/03/1814/03/18
Internet address

Fingerprint

Quality assessment
Policy making
Decision making
Threat
State capacity
Politicians
Industry
Expertise
Policy process
Scenarios
Fitness
Civil servants
Factors
Credibility

Keywords

  • Evidence Quality Assessment
  • Cybersecurity
  • Policymaking

Cite this

Hussain, A., Shaikh, S., Chung, A., Dawda, S., & Carr, M. (2018). An Evidence Quality Assessment Model for Cybersecurity Policymaking. In Critical Infrastructure Protection XII (Vol. 542, pp. 23-38). Springer. DOI: 10.1007/978-3-030-04537-1_2

An Evidence Quality Assessment Model for Cybersecurity Policymaking. / Hussain, Atif; Shaikh, Siraj; Chung, Alex; Dawda, Sneha; Carr, Madeline.

Critical Infrastructure Protection XII . Vol. 542 Springer, 2018. p. 23-38.

Research output: Chapter in Book/Report/Conference proceedingChapter

Hussain, A, Shaikh, S, Chung, A, Dawda, S & Carr, M 2018, An Evidence Quality Assessment Model for Cybersecurity Policymaking. in Critical Infrastructure Protection XII . vol. 542, Springer, pp. 23-38, Twelfth Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection, Arlington, United States, 12/03/18. DOI: 10.1007/978-3-030-04537-1_2
Hussain A, Shaikh S, Chung A, Dawda S, Carr M. An Evidence Quality Assessment Model for Cybersecurity Policymaking. In Critical Infrastructure Protection XII . Vol. 542. Springer. 2018. p. 23-38. Available from, DOI: 10.1007/978-3-030-04537-1_2
Hussain, Atif ; Shaikh, Siraj ; Chung, Alex ; Dawda, Sneha ; Carr, Madeline. / An Evidence Quality Assessment Model for Cybersecurity Policymaking. Critical Infrastructure Protection XII . Vol. 542 Springer, 2018. pp. 23-38
@inbook{a7cd7ddac32e43ecb1a5b1c7ec389d2a,
title = "An Evidence Quality Assessment Model for Cybersecurity Policymaking",
abstract = "One key factor underpinning a state's capacity to respond to policy challenges of cybersecurity is the quality of evidence supporting such decision making. As part of this process, policy advisers, essentially a diverse group including everyone from civil servants to elected policy makers, are asked to assess evidence from a mix of sources. Sometimes with little relevant expertise and often in time-critical scenarios, assessing threat, risk and proportionate response based on a mix of official briefings, academic sources, and industry threat reports is a challenge. The imperative of dealing with such issues in a timely fashion presents novel technical and political challenges for policy advisers. In this paper we present a model to help assess the quality of such evidence. The Evidence Quality Assessment Model (EQAM) is essentially a tool to help assess evidence fitness and credibility for use in such decision making. We illustrate the model with a sample of possible evidence sources to demonstrate how different attributes could be used for a comparison. The ultimate goal here is to help resolve potential conflicts and weigh findings and opinions systematically.",
keywords = "Evidence Quality Assessment, Cybersecurity, Policymaking",
author = "Atif Hussain and Siraj Shaikh and Alex Chung and Sneha Dawda and Madeline Carr",
year = "2018",
month = "12",
day = "18",
doi = "10.1007/978-3-030-04537-1_2",
language = "English",
isbn = "978-3-030-04536-4",
volume = "542",
pages = "23--38",
booktitle = "Critical Infrastructure Protection XII",
publisher = "Springer",

}

TY - CHAP

T1 - An Evidence Quality Assessment Model for Cybersecurity Policymaking

AU - Hussain,Atif

AU - Shaikh,Siraj

AU - Chung,Alex

AU - Dawda,Sneha

AU - Carr,Madeline

PY - 2018/12/18

Y1 - 2018/12/18

N2 - One key factor underpinning a state's capacity to respond to policy challenges of cybersecurity is the quality of evidence supporting such decision making. As part of this process, policy advisers, essentially a diverse group including everyone from civil servants to elected policy makers, are asked to assess evidence from a mix of sources. Sometimes with little relevant expertise and often in time-critical scenarios, assessing threat, risk and proportionate response based on a mix of official briefings, academic sources, and industry threat reports is a challenge. The imperative of dealing with such issues in a timely fashion presents novel technical and political challenges for policy advisers. In this paper we present a model to help assess the quality of such evidence. The Evidence Quality Assessment Model (EQAM) is essentially a tool to help assess evidence fitness and credibility for use in such decision making. We illustrate the model with a sample of possible evidence sources to demonstrate how different attributes could be used for a comparison. The ultimate goal here is to help resolve potential conflicts and weigh findings and opinions systematically.

AB - One key factor underpinning a state's capacity to respond to policy challenges of cybersecurity is the quality of evidence supporting such decision making. As part of this process, policy advisers, essentially a diverse group including everyone from civil servants to elected policy makers, are asked to assess evidence from a mix of sources. Sometimes with little relevant expertise and often in time-critical scenarios, assessing threat, risk and proportionate response based on a mix of official briefings, academic sources, and industry threat reports is a challenge. The imperative of dealing with such issues in a timely fashion presents novel technical and political challenges for policy advisers. In this paper we present a model to help assess the quality of such evidence. The Evidence Quality Assessment Model (EQAM) is essentially a tool to help assess evidence fitness and credibility for use in such decision making. We illustrate the model with a sample of possible evidence sources to demonstrate how different attributes could be used for a comparison. The ultimate goal here is to help resolve potential conflicts and weigh findings and opinions systematically.

KW - Evidence Quality Assessment

KW - Cybersecurity

KW - Policymaking

U2 - 10.1007/978-3-030-04537-1_2

DO - 10.1007/978-3-030-04537-1_2

M3 - Chapter

SN - 978-3-030-04536-4

VL - 542

SP - 23

EP - 38

BT - Critical Infrastructure Protection XII

PB - Springer

ER -