A quantitative man-machine model for cyber security efficiency analysis
MetadataShow full item record
The analysis of security defense processes is of utmost importance in the management of various cyber-security attacks, which are increasing in scope and rapidity. Organizations need to optimize their resources based on a sound understanding of the level of their security defense processes' efficiency and the impact of their investment. Modeling and characterization of the dynamics of cyber security management are essential to risk prediction, damage assessment, and resource allocations. This dissertation addresses the interactions between human factors and information systems. On the basis of the spiral life cycle model of software development processes, we develop a realistic, holistic security attack-defense model - Man-Machine Model (M3), which combines human factors and information systems' (i.e., machine) states under an integrated analytical framework. M3 incorporates man and machine components. The man component is comprised of several variables such as Skill & Knowledge (SKKN) and Teamwork Quality (TWQ). The machine component is composed of variables such as traffic volume and the amount of downtime. M3 enables the analysis of intrusion detection and incident response process efficiency, i.e., security defense team performance. With data analysis, we formulate and test four major research hypotheses based on the data collected during security experiments. Through hypothesis testing, we evaluate regression models to estimate the security defense team performance (i.e. efficiency) at different levels of human intelligence (e.g., skill and knowledge) and teamwork (e.g., teamwork quality). We assess the fitness and significance of the regression models, and verify their assumptions. Based on these results, organizations can hire those who have an appropriate level of skill and knowledge when it concerns investments to increase the level of skill and knowledge of security personnel. They also can attempt to increase the level of skill and knowledge of security personnel.
Jung, Sung-Oh (2005). A quantitative man-machine model for cyber security efficiency analysis. Doctoral dissertation, Texas A&M University. Texas A&M University. Available electronically from