An Evidence Quality Assessment Model for Cybersecurity Policymaking

Atif Hussain, Siraj Shaikh, Alex Chung, Sneha Dawda, Madeline Carr

    Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review

    1 Citation (Scopus)


    One key factor underpinning a state's capacity to respond to policy challenges of cybersecurity is the quality of evidence supporting such decision making. As part of this process, policy advisers, essentially a diverse group including everyone from civil servants to elected policy makers, are asked to assess evidence from a mix of sources. Sometimes with little relevant expertise and often in time-critical scenarios, assessing threat, risk and proportionate response based on a mix of official briefings, academic sources, and industry threat reports is a challenge. The imperative of dealing with such issues in a timely fashion presents novel technical and political challenges for policy advisers. In this paper we present a model to help assess the quality of such evidence. The Evidence Quality Assessment Model (EQAM) is essentially a tool to help assess evidence fitness and credibility for use in such decision making. We illustrate the model with a sample of possible evidence sources to demonstrate how different attributes could be used for a comparison. The ultimate goal here is to help resolve potential conflicts and weigh findings and opinions systematically.
    Original languageEnglish
    Title of host publicationCritical Infrastructure Protection XII
    Number of pages16
    ISBN (Electronic)978-3-030-04537-1
    ISBN (Print)978-3-030-04536-4
    Publication statusPublished - 18 Dec 2018
    EventTwelfth Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection - SRI International, Arlington, United States
    Duration: 12 Mar 201814 Mar 2018


    ConferenceTwelfth Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection
    Country/TerritoryUnited States
    Internet address


    • Evidence Quality Assessment
    • Cybersecurity
    • Policymaking


    Dive into the research topics of 'An Evidence Quality Assessment Model for Cybersecurity Policymaking'. Together they form a unique fingerprint.

    Cite this