Please choose your delivery country and your customer group
Mission based cyber risk assessments (MBCRAs) are methodologies used to identify, estimate, assess and prioritize cybersecurity risks for hardware and information systems being employed in operations. Current Department of Defense (DoD) policy does not provide any guidance on how to evaluate the quality of mission-based cyber risk assessment methodologies; nor does it define specific criteria to examine or results that must be generated by MBCRAs to inform system security decisions. This Institute for Defense Analyses (IDA) developed a 30 question survey to better understand the use of and needs from MBCRAs across DoDs cyber test and evaluation community and analyzed the responses. This analysis provides information in an on-going effort to inform DoDs development of evaluation criteria for MBCRA methodologies.