Presentation on theme: "Project Title : Towards an Economic Behavioral Science Approach to Cyber Security and Economic Risk Models (ToCyR) Kickoff Template Submission Date: December."— Presentation transcript:
Project Title : Towards an Economic Behavioral Science Approach to Cyber Security and Economic Risk Models (ToCyR) Kickoff Template Submission Date: December 1, 2014 Scott Farrow (PI and Transition Lead), Anupam Joshi (Co-Investigator),
2 Project Objectives: Initialization Year 1 Research Goals –1 Create a set of more detailed economic models reflective of cyber security microeconomic concerns, –2 Identify the ways in which incentives for private mitigation may differ from public mitigation depending on the details of the cyber attack taxonomy, –3 Identify data necessary to operationalize the most promising models for private or public decision-making, –4) create a concordance between different methodological approaches to value risk trade-offs. Research Transition Goals –1 Present results at executive level workshop at DHS –2 Present paper at policy oriented conference
3 DHS Interest and Motivation: (Why is DHS interested) –1 Cyber: interest in a more science and social science approach to cyber issues –2 Make better use of new and existing guidance in Cyber –3 Ongoing challenge to analyze risk metrics (Who at DHS are your contacts) –1 Debra Elkins (SPAR) –2 Tony Cheesebrough (NPPD)
4 Potential non-DHS Stakeholders: Who else (operators/customers) could be interested in your research transition? –NIST: UMBC (my home institution) is part of recent NIST FFRDC to MITRE and the University System of Maryland.
5 Interfaces to Related Research (Who else is working on this) –1 (Interfaces with others in this field) –1Gordon and Leob (developers of private sector investment guidance for cyber) http://en.wikipedia.org/wiki/Gordon-Loeb_Model –2
6 Research Technical Plan: Cyber task: –Develop a mathematical structure between cyber security taxonomies of threat, consequence, and tactics with micro-economic modeling Risk model task: Meta Model Choice –Research and compare and contrast the varying assumptions and risk valuation general measures obtained from benefit-cost analysis, decision analysis and multi-attribute utility analysis with an eye toward a decision model of model choice.
7 Research Transition Plan: – Information and progress sharing, potential executive seminar presentation Initialization year is to create initial substance on cyber. Meta choice for models may be suitable for a seminar by summer.
8 Milestones and Schedule/Timeline: October 15: Meet with NPPD, SPAR, TRA Economic Consequence group (done); continue contact. Jan 1: Present initial structure of meta choice model task to academic groups. April 1: Reading, scoping and initial design of cyber risk modeling completing June 1: Final draft of cyber risk modeling June 15: Meta choice modeling available for presentation.