Upload
violet-lee
View
213
Download
0
Embed Size (px)
Citation preview
Project Title: Towards an Economic Behavioral Science Approach to Cyber Security and Economic Risk Models (ToCyR)
Kickoff Template Submission Date: December 1, 2014
Scott Farrow (PI and Transition Lead), Anupam Joshi (Co-Investigator),
2
Project Objectives: Initialization Year 1
• Research Goals– 1 Create a set of more detailed economic models reflective of
cyber security microeconomic concerns, – 2 Identify the ways in which incentives for private mitigation may
differ from public mitigation depending on the details of the cyber attack taxonomy,
– 3 Identify data necessary to operationalize the most promising models for private or public decision-making,
– 4) create a concordance between different methodological approaches to value risk trade-offs.
• Research Transition Goals– 1 Present results at executive level workshop at DHS– 2 Present paper at policy oriented conference
3
DHS Interest and Motivation:
• (Why is DHS interested)– 1 Cyber: interest in a more science and
social science approach to cyber issues– 2 Make better use of new and existing
guidance in Cyber– 3 Ongoing challenge to analyze risk
metrics• (Who at DHS are your contacts)
– 1 Debra Elkins (SPAR)– 2 Tony Cheesebrough (NPPD)
4
Potential non-DHS Stakeholders:
• Who else (operators/customers) could be interested in your research transition?– NIST: UMBC (my home institution) is part of recent
NIST FFRDC to MITRE and the University System of Maryland.
5
Interfaces to Related Research
• (Who else is working on this)– 1
• (Interfaces with others in this field)– 1Gordon and Leob (developers of private sector
investment guidance for cyber) http://en.wikipedia.org/wiki/Gordon-Loeb_Model
– 2
6
Research Technical Plan:
• Cyber task:– Develop a mathematical structure between cyber
security taxonomies of threat, consequence, and tactics with micro-economic modeling
• Risk model task: Meta Model Choice– Research and compare and contrast the varying
assumptions and risk valuation general measures obtained from benefit-cost analysis, decision analysis and multi-attribute utility analysis with an eye toward a decision model of model choice.
7
Research Transition Plan:
– Information and progress sharing, potential executive seminar presentation• Initialization year is to create initial
substance on cyber.• Meta choice for models may be suitable
for a seminar by summer.
8
Milestones and Schedule/Timeline:
• October 15: Meet with NPPD, SPAR, TRA Economic Consequence group (done); continue contact.
• Jan 1: Present initial structure of meta choice model task to academic groups.
• April 1: Reading, scoping and initial design of cyber risk modeling completing
• June 1: Final draft of cyber risk modeling• June 15: Meta choice modeling available for
presentation.