- Published: September 14, 2022
- Updated: September 14, 2022
- University / College: Boston College
- Language: English
- Downloads: 6
One of the problems that may affect the level of cyber security is the accuracy of measures used to make decisions. The problem arises especially if the organizations do not define measures precisely such that the data obtained is consistent. Due to this, one may be measuring aspects whose effects on the security of the system are minimal while ignoring the critical ones. For example, the use of intrusion detection system (IDS) for port scans presents a problem in that it does not have a consistency of what it measures. The IDSs use different proprietary algorithms in the identification of the port scans and, therefore, there is variance in what each IDS identify (Black, Scarfone, and Souppaya, 2008 p. 3).
Additionally, the use of qualitative data affects the accuracy. Qualitative data, mainly using the self-evaluation surveys is subjective depending on the questions asked. Description data usually allows the respondent to give their opinions that may include personal biases. For example, it is quite difficult for an administrator to agree that their system does not meet the organization’s standards. Such would lead to inaction in the event there are imminent threats. The use of appropriately scaled quantitative questions can help remove biases and errors in the data. In this respect, one can ask the number of times the system(s) crash or hang within a specified duration. The time aspect brings in the context of data freshness and its contextual use (Peralta, 2006, p. 2). Old data may have very little use if any. For example, if there are 100 attacks out of 500, 000 within two years, the attempts may have minimal risks. However, similar attempts within one month would have substantial impacts on the integrity of the systems. The fundamental challenge of the measurement accuracy is improper definitions that leads to variations in the measurements, qualitative data, and the freshness of the measurements.
Reference
Black, P. E., Scarfone, K., & Souppaya, M. (2008). Cybersecurity metrics and measures. In J. G. Voller (Ed.) Handbook of science and technology for homeland security (vol. 5). Hoboken, NJ: John Wiley & Sons. Retrieved from http://hissa. nist. gov/~black/Papers/cyberSecurityMetrics2007proof. pdf
Peralta V. (2006). Data Freshness and Data Accuracy: A State of the Art Retrieved on July 6, 2015 from http://www. fing. edu. uy/inco/pedeciba/bibliote/reptec/TR0613. pdf
