Abstract
It is important to have and use standardized terminology and develop a comprehensive common understanding of what is meant by cyber security and cyber security risk given the multidisciplinary nature of cyber security and the pervasiveness of cyber security concerns throughout society. Using expert elicitation methods, collaborating cyber researchers from multiple disciplines and two sectors (academia, government–military) were individually interviewed and asked to define cyber security and cyber security risk. Data‐driven thematic analysis was used to identify the most salient themes within each definition, sector, and cyber expert group as a whole with results compared to current standards definitions. Network analysis was employed to visualize the interconnection of salient themes within and across sectors and disciplines. When examined as a whole group, “context‐driven,” “resilient system functionality,” and “maintenance of CIA (confidentiality, integrity, availability)” were the most salient themes and influential network nodes for the definition of cyber security, while “impacts of CIA vulnerabilities,” “probabilities of outcomes,” and “context‐driven” were the most salient themes for cyber security risk. We used this expert elicitation process to develop comprehensive definitions of cyber security (cybersecurity) and cyber security risk that encompass the contextual frameworks of all the disciplines represented in the collaboration and explicitly incorporates human factors as significant cyber security risk factors.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
More From: Risk analysis : an official publication of the Society for Risk Analysis
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.