Confidence Assertions in Cyber-Security for an Information-Sharing Environment
This study addresses the problem of triaging warnings for cybersecurity responders, but it is incremental: it focuses on improving existing practices rather than introducing new methods.
The study investigated how adding confidence information to cybersecurity alerts can improve resistance to cyberattacks, using a Modified Online Delphi Panel to identify current and best practices through expert input.
Information sharing is vital in resisting cyberattacks, and the volume and severity of these attacks are increasing very rapidly. Responders must therefore triage incoming warnings when deciding how to act. This study asked a very specific question: "How can the addition of confidence information to alerts and warnings improve overall resistance to cyberattacks?" We sought, in particular, to identify current practices and, if possible, to identify some "best practices." The research involved a literature review and interviews with subject matter experts at every level, from system administrators to persons who develop broad principles of policy. An innovative Modified Online Delphi Panel technique was used to elicit judgments and recommendations from experts, who were able to speak with each other and vote anonymously to rank proposed practices.