Jackson and Russell developed the Cybersecurity Assessment Parameter Profile (CAPP), a tool for making sense of cybersecurity assessments, during their tenure as temporary faculty at NSWC Crane.
The paper seeks to answer three core questions of interest to those developing, conducting, or being hammered with cybersecurity assessments: How can decision makers (1) identify the salient differences between existing cybersecurity assessments; (2) select the most appropriate cybersecurity assessments for their missions, resources, and constraints; and (3) find and fill gaps in the cybersecurity assessment ecosystem?
The framework uses a cohesive set of eight parameters to characterize cybersecurity assessments and introduces the Cybersecurity Assessment Parameter Profile (CAPP) tool, which aids decision makers in applying the parameters to cybersecurity assessments. Each parameter is a non-categorical spectrum whose extremes offer both utility and limitations. Each parameter offers a meaningful choice for cybersecurity decision makers, as every parameter value is desirable for some assessment scenario.