Skip to main content

A Normative Decision Making Model for Cyber Security.

M'manga, A., Faily, S., McAlaney, J., Williams, C., Kadobayashi, Y. and Miyamoto, D., 2019. A Normative Decision Making Model for Cyber Security. Information and Computer Security, 26 (5), 636-646.

Full text available as:

BUCSRG Information_and_Computer_Security_Journal.pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial.


DOI: 10.1108/ICS-01-2019-0021


Purpose - The purpose of this paper was to investigate security decision making during risk and uncertain conditions and to propose a normative model capable of tracing the decision rationale. Design/methodology/approach – The proposed risk rationalisation model is grounded in literature and studies on security analysts’ activities. The model design was inspired by established awareness models including Situation Awareness and Observe Orient Decide Act (OODA). Model validated was conducted using cognitive walkthroughs with security analysts. Findings – The results indicate that the model may adequately be used to elicit the rationale or provide traceability for security decision making. The results also illustrate how the model may be applied to facilitate design for security decision makers. Research limitations/implications – The proof of concept is based on a hypothetical risk scenario. Further studies could investigate the model’s application in actual scenarios. Originality/value – The paper proposes a novel approach to tracing the rationale behind security decision making during risk and uncertain conditions. The research also illustrates techniques for adapting decision making models to inform system design.

Item Type:Article
Additional Information:The research was funded by Bournemouth University studentship DSTLX1000104780R_BOURNEMOUTH_PhD_RBDM, with the initial collaborative meeting between UK/Japan researchers facilitated by support from the Great Britain Sasakawa Foundation. The authors are also grateful to DSTL for their sponsorship of this work.
Uncontrolled Keywords:Normative, Decision-making, Rationalisation, Awareness, Uncertainty, Perception, Risk, Security
Group:Faculty of Science & Technology
ID Code:32131
Deposited By: Symplectic RT2
Deposited On:08 Apr 2019 10:25
Last Modified:14 Mar 2022 14:15


Downloads per month over past year

More statistics for this item...
Repository Staff Only -