Illari, Phyllis Kirstin; Spring, Jonathan; (2025) Information Security, Intelligence Analysis, and Knowledge Generation without Experiments. In: Illari, Phyllis and Russo, Federica, (eds.) Routledge Handbook of Causality and Causal Methods. (pp. 311-323). Routledge: New York.

Text (Chapter 22 [Part IV]) Illari_ Information Security, Intelligence Analysis, and Knowledge Generation without Experiments_AAM_chapter.pdf Access restricted to UCL open access staff Download (729kB)

Abstract

Intelligence analysis is the professional practice of understanding what a human adversary might do. Incident response is the professional practice within information security of diagnosing what an adversary has done to your computer network (and hopefully repairing it and preventing recurrence). While this practice infers causes of effects and predicts what adversaries may do in the future, broad swaths of the practice are not amenable to stochastic investigation through experiments and rather focus on historical analysis and case studies for building up general knowledge. This is similar to other scientific fields, such as paleontology and astronomy, that investigate “ephemeral” mechanisms. However, the security fields are distinct in having an interest in predicting future ephemeral mechanisms and engineering systems to constrain them. A framework to support this is to investigate adversary capability, access, and intent. This chapter will sketch how mechanisms can represent general knowledge about adversary capability, access, and intent and can guide non-experimental investigation of them in practice. In this way we will see how knowledge of causal mechanisms can be built and help practitioners with control, in the sense of mitigating attacks.

Download activity - last month

Export as XMLJSONCSV

Download activity - last 12 months

Export as XMLCSVJSON

Downloads by country - last 12 months

Export as XMLCSVJSON

Archive Staff Only

View Item