Information sharing is vital in resisting cyberattacks, and the volume and severity of these attacks are increasing very rapidly. Therefore, responders must triage incoming warnings in deciding how to act. This study asked a very specific question: "How can the addition of confidence information to alerts and warnings improve overall resistance to cyberattacks?" We sought, in particular, to identify current practices and, if possible, to identify some "best practices." The research involved a literature review and interviews with subject matter experts at every level, from system administrators to persons who develop broad principles of policy. An innovative Modified Online Delphi Panel technique was used to elicit judgments and recommendations from experts who were able to speak with each other and vote anonymously to rank proposed practices.