Current browse context:
cs.CR
Change to browse by:
References & Citations
Computer Science > Cryptography and Security
Title: Decision-Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment
(Submitted on 4 Jul 2017 (v1), last revised 3 Jul 2018 (this version, v4))
Abstract: We developed a simulation game to study the effectiveness of decision-makers in overcoming two complexities in building cybersecurity capabilities: potential delays in capability development; and uncertainties in predicting cyber incidents. Analyzing 1,479 simulation runs, we compared the performances of a group of experienced professionals with those of an inexperienced control group. Experienced subjects did not understand the mechanisms of delays any better than inexperienced subjects; however, experienced subjects were better able to learn the need for proactive decision-making through an iterative process. Both groups exhibited similar errors when dealing with the uncertainty of cyber incidents. Our findings highlight the importance of training for decision-makers with a focus on systems thinking skills, and lay the groundwork for future research on uncovering mental biases about the complexities of cybersecurity.
Submission history
From: Mohammad S. Jalali [view email][v1] Tue, 4 Jul 2017 15:17:38 GMT (2685kb)
[v2] Tue, 15 Aug 2017 19:23:07 GMT (2658kb)
[v3] Mon, 8 Jan 2018 22:14:17 GMT (2812kb)
[v4] Tue, 3 Jul 2018 00:06:29 GMT (2710kb)
Link back to: arXiv, form interface, contact.