Civil servants across the UK Government are working on policy advice for cyber security – but how they acquire and use evidence to make recommendations is not well understood.
This is important as the source and credibility of evidence affects the effectiveness and authority of the judgements made about threats, risks, mitigation and consequences.
View the policy brief on the RISCS website
This briefing sets out findings from the ECSEPA project on how evidence is being incorporated into developing effective cyber security policies across UK Government. It sets out the first iteration of a framework which rates evidence samples relative to each other based on source and credibility, designed to help policy makers assess the credibility of their evidence.
Funder
EPSRC
Lead researchers
Professor Madeline Carr (UCL STEaPP) and Professor Siraj Shaikh (Coventry University)
Output type
Policy brief
PIU lead
Florence Greatrix