Research Methods for Cyber Security - Readwise Highlights
Metadata
- Author: Thomas Edgar and David Manz
- Full Title: Research Methods for Cyber Security
- Category: books
- NotebookLM - https://notebooklm.google.com/notebook/be465337-ebc6-4bf8-8c68-2ec268f59e55
Highlights
Chapter 1 - Intro to Science
Chapter Objectives
- Introduce science
- Overview of forms of research and their types of methods
- Describe the continuum of discovery and the hierarchy of evidence
- Explore historical scientific advances in astronomy to contextualize concepts
Highlights
- science represents three things: a philosophy, a body of knowledge, and a process to discover knowledge. (Location 393)
- What science is not is engineering. Engineering turns the knowledge gained through science into usable applications and solutions to address challenges or problems. (Location 398)
- In the case of cyber security, the goal of scientific exploration is to gain the knowledge to make it possible to quantify security and predict what tools and practices will enable us to thwart or stymie cyber attackers. (Location 409)
- Test beds are necessary in order to advance our knowledge. (Location 443)
- Applied research leverages concepts and techniques from the other forms of research to study and assess our ability to apply knowledge to solving or addressing a societal problem. Applied research is a core topic in cyber security research because the overall objective of securing a system is applied. (Location 454)
- In the absence of experiments to challenge our assumptions, the apparent progress we’re making is an illusion. (Location 479)
- Some research methods generate stronger evidence than others, (Location 494)
- The paradox is that our ability to assess where we are in the continuum is often thwarted by strongly held beliefs. It is exactly for this reason that the scientific method is essential for advancing our knowledge of the world around us. (Location 553)
- In the 1962 book “The Structure of Scientific Revolutions” physicist and philosopher Thomas Kuhn coined the phrase paradigm shift to attempt to explain the societal influence on science. (Location 575)
- The desire by policy makers is to base their decisions on certainty. A scientist can only represent the data and their interpretations. (Location 639)
- An important subtlety of the second law is that the velocity of the planet must change over the course of the orbit for the equal intervals to have equal areas. The planet accelerates as it gets closer to the Sun and decelerates as it moves farther away from the Sun. (Location 723)
- Science is fundamental to assembling evidence in support of discovery. What science can’t do is provide absolute answers. (Location 933)
Chapter 2 - Science and Cybersecurity
Chapter Objectives
- Define cyber space and cyber security
- Introduce foundational concepts of cyber security
- Discuss the philosophy of a cyber security science
- Provide an introductory overview of the cyber security research field
Highlights
- The technological perspective is that cyber space encapsulates data or information and the technology that is necessary to transmit it. (Location 1024)
- Cyber security controls are the tools and techniques by which levels of security attributes can be applied to a system. A significant amount of applied research has focused on building security controls. (Location 1199)
- All security controls must reflect a policy. A control without a policy is meaningless and policy without a control is useless. (Location 1202)
- cyber space is constantly in flux as new technologies, hardware, and software are developed. (Location 1412)
- Cyber security science is not for answering the question of “what are the physics of cyber space,” but instead “what physics of cyber space would be necessary to achieve the behavior/response we want and how do we create that cyber space.” (Location 1419)
- The metaphysical nature of cyber space is also different than physical space as we still lack the mathematical constructs to define it. Geometry is a math of defining physical space where blocks of matter and mass can be mathematically described. We lack this ability to define cyber space. Length, distance, and other measures have no bearing in cyber space. In addition, concepts such as force in physical space also have no known corollary in cyber space. What all of this means is that there have not been any discovered first principles of cyber space. (Location 1479)
Chapter 3 - Starting your research
Chapter Objectives
- Introduce the process of starting research
- Explain the different types of research, what they are best suited for, and how they fit together
- Help you decide which type of research via a branching decision tree
- Explain literature surveys and provide helpful resources
- Help define the next steps to executing your research
Highlights
- The critical step in conducting research is not the initial inspiration, but rather the follow through of it. (Location 1642)
- Science is a journey of discovery and knowledge acquisition. Science seeks to answer questions and explain the riddles of the universe, as compared to engineering that seeks to design and develop solutions to address specific problems. In practice, the line between science and engineering is often quite blurred, as questions are answered in pursuit of solutions and engineering is required to even pose the questions needed. (Location 1658)
- The scientific process starts with a question. This question could be general or quite specific; it could be inspired by previous work, or events that are seemingly innocuous from your life outside of work. (Location 1666)
- Albert Einstein has been historically attributed as saying, “If we knew what we were doing it wouldn’t be called research, would it?” (Location 1670)
- Observational research is useful when you are trying to understand a real cyber system (and the associated technosocial behavior). This type of research is best to answer open-ended or comparatively broad research questions. In general, observational research methods include sensing of real-world environments and data mining for discovery of interesting artifacts. (Location 1749)
- as Dr. Taleb describes in his book, Black Swan, rare events are often retroactively explained, and the public, or indeed a researcher’s ability to predict the likelihood of a rare cyber event is fraught with assumptions or failures. (Location 1971)
Chapter 4 - Exploratory Study
Objectives
- Discuss data collection as it relates to observational studies
- Introduce the different types of exploratory studies - Ecological, Longitudinal/Cohort studies, Cross-sectional, Case-control studies
- Explain analysis bias
- Discuss the design and presentation of exploratory studies
Chapter 5 - Descriptive Study
Objectives
- Introduce descriptive studies
- Discuss descriptive study methods - Case study, Surveys, Case reports
- Address data collection as it relates to observational study in general
- Discuss the design and presentation of exploratory studies
Chapter 6 - Machine Learning
Objectives
- Introduce machine learning
- Discuss model validation
- Explore the use of Bayesian networks and hidden Markov models in cyber security research
Chapter 7 - Theoretical Research
- A theory is a proposed model or inner working of why a system behaves in a specific way. (Location 4205)
- in science, a theory represents a foundational piece of knowledge around which research and even fields of research are built. (Location 4206)
- It starts as a belief based on observations. This belief is a cognitive model that can be formulated with language. (Location 4208)
- A formal definition of a theory is a mathematical representation of the behavior of a system. A theory that has significant empirical support and is widely accepted becomes a law. (Location 4209)
- A lemma is an intermediate step or component of a larger theory. (Location 4223)
- Good theory should be a coherent, parsimonious, and systematic explanation or view of phenomena, events, situations, and behaviors. Beyond that, it must be predictive. (Location 4249)