Franz, T. (2011, Summer). The cyber warfare professional: Realizations for developing the next generation. Air and Space Power Journal, 26(2), 87-99. Retrieved from http://www.airpower.au.af.mil/ [Full text available in the Academic Search Complete database.]
The cyberspace environment presents conceptual and operational challenges for military leaders not unlike those associated with the early days of human flight. As technologies emerged to exploit each new domain, leaders at first dismissed them before finally recognizing the importance of dominance in the new environment. Although exploiting and defending cyberspace carries an opportunity cost, as early military leaders discovered with airpower, failing to properly organize, train, and equip for the new domain can undermine our current military advantage and our prospects for success.
Moore, J. (2011, August 15). Cyber recruits key part of NSA hiring blitz. Retrieved from http://www.federalnewsradio.com/?nid=15&sid=2497197 [listen]
The National Security Agency is on a hiring blitz. The cryptologic intelligence agency - home to the government's chief codemakers and breakers - announced its intention to hire as many as 3,000 people over the next two years, many of them cybersecurity experts. In fact, NSA recruiters even took a trip to Las Vegas in the last few weeks to look for potential hires at DefCon, a high-profile hacker conference there. Dickie George, the technical director of the Information Assurance Directorate at NSA, told the Federal Drive the agency is partnering with academia and industry to find the "best and brightest" in cybersecurity.
Ryan, J., Mazzuchi, T. A., Ryan, D. J., de la Cruz, J. L., & Cooke, R. (2012). Quantifying information security risks using expert judgment solicitation. Computers and Operations Research, 39(4), 774-784. doi:10.1016/j.cor.2010.11.013 [Full text available in the ScienceDirect database.]
In the information security business, 30 years of practical and theoretical research has resulted in a fairly sophisticated appreciation for how to judge the qualitative level of risk faced by an enterprise. Based upon that understanding, there is a practical level of protection that a competent security manager can architect for a given enterprise. It would, of course, be better to use a quantitative approach to risk management, but, unfortunately, sufficient quantitative data that has been scientifically collected and analyzed does not exist. There have been many attempts to develop quantitative data using traditional quantitative methods, such as experiments, surveys, and observations, but there are significant weaknesses apparent in each approach. The research described in this paper was constructed to explore the utility of applying the well-established method of expert judgment elicitation to the field of information security. The instrument for eliciting the expert judgments was developed by two information security specialists and two expert judgment analysis specialists. The resultant instrument was validated using a small set of information security experts. The final instrument was used to elicit answers to both the calibration and judgment questions through structured interviews. The data was compiled and analyzed by a specialist in expert judgment analysis. This research illustrates the development of prior distributions for the parameters of models for cyber attacks and uses expert judgment results to develop the distributions.
