A threat‐intelligence driven methodology to incorporate uncertainty in cyber risk analysis and enhance decision‐making

Abstract

Abstract The challenge of decision‐making under uncertainty in information security has become increasingly important, given the unpredictable probabilities and effects of events in the ever‐changing cyber threat landscape. Cyber threat intelligence provides decision‐makers with the necessary information and context to understand and anticipate potential threats, reducing uncertainty, and improving the accuracy of risk analysis. The latter is a principal element of evidence‐based decision‐making, and it is essential to recognize that addressing uncertainty requires a new, threat‐intelligence (TI) driven methodology, and risk analysis approach. We propose a solution to this challenge by introducing a TI‐based security assessment methodology and a decision‐making strategy that considers both known unknowns and unknown unknowns. The proposed methodology aims to enhance the quality of decision‐making by utilizing causal graphs, which offer an alternative to conventional methodologies that rely on attack trees, resulting in a reduction of uncertainty. Furthermore, we consider tactics, techniques, and procedures that are possible, probable, and plausible, improving the predictability of adversary behavior. Our proposed solution provides practical guidance for information security leaders to make informed decisions in uncertain situations. This paper offers a new perspective on addressing the challenge of decision‐making under uncertainty in information security by introducing a methodology that can help decision‐makers navigate the intricacies of the dynamic and continuously evolving landscape of cyber threats.