Share

Dealing with “cyberuncertainty”. Part I

ByJavier Martínez-Torres - 05 / 11 / 2014

 

One of the subjects included in my doctoral program "Information, Knowledge and Information", belonging to department of Computer Science at UAH, was called if I remember correctly “Computational Treatment Of Uncertainty”.

It was almost 100% based on fuzzy logic and I deeply studied the performance of some fuzzy operators but I never reached a comprehension in practice with a successful outcome, at that time I was already involved in software development projects for the Navy and my professional vision quickly focused on practical issues.

Over the years I am still eager to learn new ways to deal uncertainty and lastly the famous “unknown unknowns” always come up in informal conversations with Jorge. This baffling sentence of the Secretary of Defense was given the “Foot in Mouth Award” because it was one of the most unintelligible speeches in the year 2002. I invite you to read it.

Nowadays,  the scientific community continues to propose methods to deal with uncertainty in cybersecurity matters, some of those are techniques to make an introspective exercise to help the organization to reduce the uncertainty areas, such as “AREM Window” presented in the last conference about XII Reunión Española sobre Criptología y Seguridad de la Información, held in Alicante at the beginning of past September. This method is based on another window proposed by the psychologists JOseph Luft and HARry Ingham, so-called “JOHARI Window” [1], but obviously they did not apply to cybersecutiy but rather interpersonal relationships.

In 2013, Jeimy J. Cano [2], a highly recognized professional in cybersecurity proposed a new method based on the Johari Window, he called “AREM Window”. The aim of this method is to understand the relationship between a company and the environment in the realm of risks, threats and opportunities. According the author, the “AREM Window” should “move the reflections from the quadrant of known, towards all that is latent, it means, non evident things at that moment but existing conditions and signals in the environment indicate activity patterns, revealing a situation that seems meaningless, however there are enough elements to have to consider in the analysis”, in other words, addressing the uncertainty from a methodical manner. 

Indra Arem

Our vision is an approach towards a defensive methodology from the point of view of cybersecurity, in a preliminary analysis it is easy to shed light on areas where internal unknowns exist (Hidden and Emerging Threats/Risks) are the most dangerous and these tools are breaking into the dealing with the uncertainty. Such as Bayesian Belief Networks, and I must admit my preference for these mathematical models that go beyond methodology, method, or procedure to deal the uncertainty. Unfortunately the post is too large to publish at one time, so the next post will be dedicated to Bayesian Networks.

References

  1. Luft, J. and Ingham, H. “The Johari window, a graphic model of interpersonal awareness”, Proceedings of the western training laboratory in group development, UCLA, 1955.
  2. Jeimy J. Cano, “La ventana de AREM. Una herramienta estratégica y táctica para visualizar la incertidumbre”, http://insecurityit.blogspot.com.es/2013/06/la-ventana-de-arem-una-herramienta.html, 2013.