Analysis of Mission Based Cyber Risk Assessments (MBCRAs) Usage in DoDs Cyber Test and Evaluation

Abstract

Mission based cyber risk assessments (MBCRAs) are methodologies used to identify, estimate, assess and prioritize cybersecurity risks for hardware and information systems being employed in operations. Current Department of Defense (DoD) policy does not provide any guidance on how to evaluate the quality of mission-based cyber risk assessment methodologies; nor does it define specific criteria to examine or results that must be generated by MBCRAs to inform system security decisions. This Institute for Defense Analyses (IDA) developed a 30 question survey to better understand the use of and needs from MBCRAs across DoDs cyber test and evaluation community and analyzed the responses. This analysis provides information in an on-going effort to inform DoDs development of evaluation criteria for MBCRA methodologies.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 2022
Accession Number
AD1203757

Entities

People

  • Allyson M. Buytendyk
  • Rachel K. De Naray

Organizations

  • Institute for Defense Analyses

Tags

DTIC Thesaurus Topics

  • Abstracts
  • Air Force
  • Availability
  • Business Administration
  • Communities
  • Contractors
  • Contracts
  • Cybersecurity
  • Department Of Defense
  • Developmental Tests
  • Engineering
  • Governments
  • Information Systems
  • Risk
  • Risk Analysis
  • Security
  • Standards
  • Test And Evaluation
  • Test Methods
  • Vulnerability

Readers

  • Computational Modeling and Simulation
  • Cybersecurity.
  • Defense Acquisition Program Management

Technology Areas

  • Cyber