The challenge of decision-making under uncertainty in information security has become increasingly important, given the unpredictable probabilities and effects of events in the ever-changing cyber threat landscape. Cyber threat intelligence provides decision-makers with the information and context needed to understand and anticipate potential threats, reducing uncertainty and improving the accuracy of risk analysis. Risk analysis is a principal element of evidence-based decision-making, and it is essential to recognize that addressing uncertainty requires a new, threat-intelligence-driven methodology and risk analysis approach. We propose a solution to this challenge by introducing a threat-intelligence-based security assessment methodology and a decision-making strategy that considers both known unknowns and unknown unknowns. The proposed methodology aims to enhance the quality of decision-making by utilizing causal graphs, which offer an alternative to conventional methodologies that rely on attack trees, resulting in a reduction of uncertainty. Furthermore, we consider tactics, techniques, and procedures that are possible, probable, and plausible, improving the predictability of adversary behavior. Our proposed solution provides practical guidance for information security leaders to make informed decisions in uncertain situations. This paper offers a new perspective on addressing the challenge of decision-making under uncertainty in information security by introducing a methodology that can help decision-makers navigate the intricacies of the dynamic and continuously evolving landscape of cyber threats.
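The abstract does not spell out how its causal graphs are evaluated, so the following is an added illustration, not the paper's method: a small binary causal graph in Python in which threat-intelligence observations and asset facts are root nodes, TTP nodes combine their causes with a noisy-OR, and an impact node sits downstream. Everything numeric is constructed for the illustration: the mapping of the qualitative scale (possible, plausible, probable) to causal strengths, the node names, the priors and the edge strengths are all assumptions. The example shows the two things a causal graph offers that an attack tree's AND/OR arithmetic does not: conditioning on an intelligence observation (which updates beliefs about everything, including upstream causes) and intervening on a node with Pearl's do-operator (which cuts the incoming edges, modelling a deployed control). Ranking candidate controls by residual risk under intervention is the decision step.

```python
from itertools import product

# Constructed mapping from the qualitative likelihood scale to causal strengths (assumption).
LIKELIHOOD = {"possible": 0.2, "plausible": 0.5, "probable": 0.8}


class CausalGraph:
    """Binary-node causal graph. Roots carry a prior; an effect node combines its
    causes with a noisy-OR: P(effect) = 1 - (1 - leak) * prod(1 - s_i) over the
    causes that are true. Exact inference by enumerating the joint (small graphs only)."""

    def __init__(self):
        self.priors = {}   # root node -> P(node = True)
        self.causes = {}   # effect node -> list of (parent, strength)
        self.leak = {}     # effect node -> probability with no active cause
        self.order = []    # insertion order; parents always precede children

    def add_root(self, name, prior):
        self.priors[name] = prior
        self.order.append(name)

    def add_effect(self, name, causes, leak=0.0):
        for parent, _ in causes:
            assert parent in self.order, f"unknown cause {parent}"
        self.causes[name], self.leak[name] = causes, leak
        self.order.append(name)

    def _local_prob(self, node, value, state):
        """P(node = value | its parents' values in state)."""
        if node in self.priors:
            p_true = self.priors[node]
        else:
            p_false = 1.0 - self.leak[node]
            for parent, strength in self.causes[node]:
                if state[parent]:
                    p_false *= 1.0 - strength
            p_true = 1.0 - p_false
        return p_true if value else 1.0 - p_true

    def joint(self, state):
        p = 1.0
        for node in self.order:
            p *= self._local_prob(node, state[node], state)
        return p

    def _with_interventions(self, do):
        """Copy of the graph where each intervened node becomes a fixed root (edges cut)."""
        g = CausalGraph()
        for node in self.order:
            if node in do:
                g.add_root(node, 1.0 if do[node] else 0.0)
            elif node in self.priors:
                g.add_root(node, self.priors[node])
            else:
                g.add_effect(node, self.causes[node], self.leak[node])
        return g

    def query(self, target, evidence=None, do=None):
        """P(target = True | evidence, do(interventions)).
        evidence: observed values, conditioning (beliefs flow upstream and downstream).
        do: forced values with incoming causal edges removed (Pearl's do-operator)."""
        evidence, do = evidence or {}, do or {}
        g = self._with_interventions(do) if do else self
        num = den = 0.0
        for values in product([False, True], repeat=len(g.order)):
            state = dict(zip(g.order, values))
            if any(state[k] != v for k, v in evidence.items()):
                continue
            p = g.joint(state)
            den += p
            if state[target]:
                num += p
        return num / den


def build_example():
    """Constructed model: two root facts, two TTP nodes, one access node, one impact node."""
    g = CausalGraph()
    g.add_root("campaign_active", 0.5)   # CTI: a campaign against our sector is under way
    g.add_root("exposed_service", 0.3)   # asset inventory: an internet-facing service is unpatched
    g.add_effect("phishing", [("campaign_active", LIKELIHOOD["probable"])], leak=0.1)
    g.add_effect("exploit_public_app",
                 [("exposed_service", LIKELIHOOD["plausible"]),
                  ("campaign_active", LIKELIHOOD["possible"])], leak=0.05)
    g.add_effect("initial_access", [("phishing", 0.6), ("exploit_public_app", 0.9)])
    g.add_effect("data_exfil", [("initial_access", 0.7)])
    return g


def assessment():
    """Impact probability under no evidence, under CTI evidence, and under observation vs intervention."""
    g = build_example()
    return {
        "baseline": g.query("data_exfil"),
        "cti_campaign_seen": g.query("data_exfil", evidence={"campaign_active": True}),
        "cti_campaign_absent": g.query("data_exfil", evidence={"campaign_active": False}),
        "observe_no_phishing": g.query("data_exfil", evidence={"phishing": False}),
        "block_phishing": g.query("data_exfil", do={"phishing": False}),
    }


def rank_controls(g, target, controls):
    """Residual P(target) if a control fully suppresses its node, i.e. do(node = False); lowest first."""
    return sorted(((node, g.query(target, do={node: False})) for node in controls),
                  key=lambda pair: pair[1])


if __name__ == "__main__":
    for name, p in assessment().items():
        print(f"{name:22s} P(data_exfil) = {p:.3f}")
    for node, p in rank_controls(build_example(), "data_exfil",
                                 ["phishing", "exploit_public_app", "exposed_service"]):
        print(f"control on {node:20s} residual P(data_exfil) = {p:.3f}")
```

Two results are worth comparing when running this. Conditioning on `campaign_active` moves the impact probability a long way in either direction, which is the "reduction of uncertainty" the abstract attributes to threat intelligence: the same model gives a materially different answer once the intelligence is in. And `observe_no_phishing` is lower than `block_phishing`: observing that no phishing reached us is also weak evidence that no campaign is active, so belief about the upstream cause drops too, whereas deploying a control that blocks phishing says nothing about the adversary's intent and leaves the exploitation path untouched. An attack tree, which only combines leaf values upward, cannot express that distinction.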