{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T16:23:12Z","timestamp":1772554992371,"version":"3.50.1"},"reference-count":21,"publisher":"Emerald","issue":"5","license":[{"start":{"date-parts":[[2019,11,11]],"date-time":"2019-11-11T00:00:00Z","timestamp":1573430400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2019,11,11]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>The purpose of this paper is to investigate security decision-making during risk and uncertain conditions and to propose a normative model capable of tracing the decision rationale.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>The proposed risk rationalisation model is grounded in literature and studies on security analysts\u2019 activities. The model design was inspired by established awareness models including the situation awareness and observe\u2013orient\u2013decide\u2013act (OODA). Model validation was conducted using cognitive walkthroughs with security analysts.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>The results indicate that the model may adequately be used to elicit the rationale or provide traceability for security decision-making. The results also illustrate how the model may be applied to facilitate design for security decision makers.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Research limitations\/implications<\/jats:title>\n<jats:p>The proof of concept is based on a hypothetical risk scenario. 
Further studies could investigate the model\u2019s application in actual scenarios.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>The paper proposes a novel approach to tracing the rationale behind security decision-making during risk and uncertain conditions. The research also illustrates techniques for adapting decision-making models to inform system design.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-01-2019-0021","type":"journal-article","created":{"date-parts":[[2019,6,17]],"date-time":"2019-06-17T09:25:33Z","timestamp":1560763533000},"page":"636-646","source":"Crossref","is-referenced-by-count":3,"title":["A normative decision-making model for cyber security"],"prefix":"10.1108","volume":"27","author":[{"given":"Andrew","family":"M\u2019manga","sequence":"first","affiliation":[]},{"given":"Shamal","family":"Faily","sequence":"additional","affiliation":[]},{"given":"John","family":"McAlaney","sequence":"additional","affiliation":[]},{"given":"Chris","family":"Williams","sequence":"additional","affiliation":[]},{"given":"Youki","family":"Kadobayashi","sequence":"additional","affiliation":[]},{"given":"Daisuke","family":"Miyamoto","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2020040109442855400_ref001","volume-title":"Decision Making: Descriptive, Normative, and Prescriptive Interactions","year":"1988"},{"issue":"23","key":"key2020040109442855400_ref002","first-page":"123","article-title":"The essence of winning and losing","volume":"12","year":"1996","journal-title":"Unpublished Lecture Notes"},{"key":"key2020040109442855400_ref003","first-page":"229","article-title":"Achieving cyber defense situational awareness: a cognitive task analysis of information assurance analysts","volume-title":"Proceedings of the Human Factors and Ergonomics Society Annual 
Meeting","year":"2005"},{"issue":"1","key":"key2020040109442855400_ref004","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1518\/001872095779049543","article-title":"Toward a theory of situation awareness in dynamic systems","volume":"37","year":"1995","journal-title":"Human Factors: The Journal of the Human Factors and Ergonomics Society"},{"issue":"2","key":"key2020040109442855400_ref005","first-page":"147","article-title":"A grounded analysis of experts\u2019 decision-making during security assessments","volume":"2","year":"2016","journal-title":"Journal of Cybersecurity"},{"issue":"4","key":"key2020040109442855400_ref006","doi-asserted-by":"crossref","first-page":"78","DOI":"10.1109\/MIS.2017.3121544","article-title":"Explaining explanation, part 2: empirical foundations","volume":"32","year":"2017","journal-title":"IEEE Intelligent Systems"},{"key":"key2020040109442855400_ref007","first-page":"151","article-title":"Complex problem solving as multistage decision making","volume-title":"Complex Problem Solving: The European Perspective","year":"2014"},{"key":"key2020040109442855400_ref008","volume-title":"Sources of Power: How People Make Decisions","year":"1999"},{"issue":"3","key":"key2020040109442855400_ref009","doi-asserted-by":"crossref","first-page":"456","DOI":"10.1518\/001872008X288385","article-title":"Naturalistic decision making","volume":"50","year":"2008","journal-title":"Human Factors: The Journal of the Human Factors and Ergonomics Society"},{"key":"key2020040109442855400_ref010","volume-title":"Human-computer Interaction: An Empirical Research Perspective","year":"2013"},{"key":"key2020040109442855400_ref011","article-title":"Folk risk analysis: factors influencing security analysts\u2019 interpretation of risk","volume-title":"Proceedings of the 13th Symposium on Usable Privacy and Security (SOUPS), Santa Clara, USA,12-14 July 2017, Usenix 
Association","year":"2017"},{"key":"key2020040109442855400_ref012","first-page":"263","article-title":"Rationalising decision making about risk: a normative approach","volume-title":"Proceedings of the twelfth International Symposium on Human Aspects of Information Security and Assurance (HAISA), Dundee, 29-31 August 2018","year":"2018"},{"key":"key2020040109442855400_ref013","first-page":"866","article-title":"Discovering \u2018unknown known\u2019 security requirements","volume-title":"38th International Conference on Software Engineering","year":"2016"},{"key":"key2020040109442855400_ref014","volume-title":"The Human Data Processor as a System Component: Bits and Pieces of a Model","year":"1974"},{"key":"key2020040109442855400_ref015","first-page":"387","article-title":"Usability evaluation with the cognitive walkthrough","volume-title":"Conference Companion on Human Factors in Computing Systems","year":"1995"},{"issue":"4","key":"key2020040109442855400_ref016","doi-asserted-by":"crossref","first-page":"351","DOI":"10.1007\/BF02212307","article-title":"Metacognitive theories","volume":"7","year":"1995","journal-title":"Educational Psychology Review"},{"issue":"1","key":"key2020040109442855400_ref017","first-page":"161","article-title":"Theories of bounded rationality","volume":"1","year":"1972","journal-title":"Decision and Organization"},{"key":"key2020040109442855400_ref018","volume-title":"Information Quality","year":"2005"},{"issue":"1","key":"key2020040109442855400_ref019","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1108\/09685221011035241","article-title":"Preparation, detection, and analysis: the diagnostic work of IT security incident response","volume":"18","year":"2010","journal-title":"Information Management and Computer Security"},{"key":"key2020040109442855400_ref020","first-page":"296","article-title":"How analysts think(?) 
Early observations","volume-title":"Joint Intelligence and Security Informatics Conference","year":"2014"},{"issue":"1","key":"key2020040109442855400_ref021","doi-asserted-by":"crossref","first-page":"269","DOI":"10.1177\/1541931215591055","article-title":"How analysts think: inference making strategies","volume":"59","year":"2015","journal-title":"Proceedings of the Human Factors and Ergonomics Society Annual Meeting"}],"container-title":["Information & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2019-0021\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2019-0021\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:37Z","timestamp":1753406557000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/27\/5\/636-646\/109011"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,11,11]]},"references-count":21,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2019,11,11]]}},"alternative-id":["10.1108\/ICS-01-2019-0021"],"URL":"https:\/\/doi.org\/10.1108\/ics-01-2019-0021","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2019,11,11]]}}}