Confidence Assertions in Cyber-Security for an Information-Sharing Environment
Paul B. Kantor, Dennis E. Egan, Jonathan Bullinger, Katie McKeon, James Wojtowicz

TL;DR
This paper investigates how adding confidence information to cyber alerts can enhance resistance to cyberattacks, using literature review, expert interviews, and a novel Delphi panel method.
Contribution
It introduces a new approach to incorporate confidence assertions in cyber-security alerts and identifies best practices through expert consensus.
Findings
Confidence information improves alert triage effectiveness
Expert consensus on best practices for confidence assertions
Modified Delphi method facilitates expert collaboration
Abstract
Information sharing is vital in resisting cyberattacks, and the volume and severity of these attacks are increasing very rapidly. Therefore, responders must triage incoming warnings in deciding how to act. This study asked a very specific question: "how can the addition of confidence information to alerts and warnings improve overall resistance to cyberattacks." We sought, in particular, to identify current practices and, if possible, to identify some "best practices." The research involved literature review and interviews with subject matter experts at every level, from system administrators to persons who develop broad principles of policy. An innovative Modified Online Delphi Panel technique was used to elicit judgments and recommendations from experts who were able to speak with each other and vote anonymously to rank proposed practices.
Taxonomy
Topics: Information and Cyber Security · Public Relations and Crisis Communication · Team Dynamics and Performance
