Cyber defenders and systems architects must evaluate claims or hypotheses about the potential effectiveness of defensive actions and decisions. This paper describes three general types of evaluation environments: operational, synthetic, and hybrid.
Mapping the Cyber Terrain: Enabling Cyber Defensibility Claims and Hypotheses to Be Stated and Evaluated with Greater Rigor and Utility
Download Resources
PDF Accessibility
One or more of the PDF files on this page fall under E202.2 Legacy Exceptions and may not be completely accessible. You may request an accessible version of a PDF using the form on the Contact Us page.
Evidence and analysis are needed to determine the effectiveness of cyber security, defensibility, and resiliency solutions. Claims or hypotheses about effectiveness generally are based on assumptions about the threat, and about the technical and operational settings in which solutions will be used. Evidence can be obtained in a variety of environments, ranging from conceptual models to systems supporting mission operations. This paper presents a framework for characterizing assumptions and evaluation environments – an approach to mapping the cyber terrain. The approach presented here can facilitate determination of whether a given hypothesis is meaningful to a specific real-world situation or can be evaluated in a given environment, whether different solutions can be evaluated in a common environment, and whether or how the results obtained in a given environment can be applied to real-world situations. Examples are provided of questions to ask, and sources of information to use, to characterize an environment, particularly with respect to the threat.