An Evidence Quality Assessment Model for Cybersecurity Policymaking

Atif Hussain, Siraj Shaikh, Alex Chung, Sneha Dawda, Madeline Carr

Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review

1 Citation (Scopus)


One key factor underpinning a state's capacity to respond to policy challenges of cybersecurity is the quality of evidence supporting such decision making. As part of this process, policy advisers, essentially a diverse group including everyone from civil servants to elected policy makers, are asked to assess evidence from a mix of sources. Sometimes with little relevant expertise and often in time-critical scenarios, assessing threat, risk and proportionate response based on a mix of official briefings, academic sources, and industry threat reports is a challenge. The imperative of dealing with such issues in a timely fashion presents novel technical and political challenges for policy advisers. In this paper we present a model to help assess the quality of such evidence. The Evidence Quality Assessment Model (EQAM) is essentially a tool to help assess evidence fitness and credibility for use in such decision making. We illustrate the model with a sample of possible evidence sources to demonstrate how different attributes could be used for a comparison. The ultimate goal here is to help resolve potential conflicts and weigh findings and opinions systematically.
Original languageEnglish
Title of host publicationCritical Infrastructure Protection XII
Number of pages16
ISBN (Electronic)978-3-030-04537-1
ISBN (Print)978-3-030-04536-4
Publication statusPublished - 18 Dec 2018
EventTwelfth Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection - SRI International, Arlington, United States
Duration: 12 Mar 201814 Mar 2018


ConferenceTwelfth Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection
Country/TerritoryUnited States
Internet address


  • Evidence Quality Assessment
  • Cybersecurity
  • Policymaking


Dive into the research topics of 'An Evidence Quality Assessment Model for Cybersecurity Policymaking'. Together they form a unique fingerprint.

Cite this