We are thrilled to share our new policy briefing based on the Evaluating Cyber Security Evidence for Policy Advice” (ECSEPA) project led by Professor Madeline Carr (UCL) and Professor Siraj Shaikh (Coventry University).

Civil servants across the UK Government are working on policy advice for cyber security – but how they acquire and use evidence to make recommendations is not well understood. This is important as the source and credibility of evidence affects the effectiveness and authority of the judgements made about threats, risks, mitigation and consequences. 

This briefing sets out findings from the ECSEPA project on how evidence is being incorporated into developing effective cyber security policies across UK Government. It sets out the first iteration of a framework which rates evidence samples relative to each other based on source and credibility, designed to help policy makers assess the credibility of their evidence.

In this briefing, we ask policy stakeholders the following questions: 

  • How could a tool for assessing evidence quality change the way you use evidence?   
  • How could the next iteration of this framework be improved? 
  • What are the outstanding barriers and challenges to developing good cybersecurity policy? How can the research community support this?

You can access the briefing here:

Please contact Flo, RISCS Policy Adviser, at f.greatrix@ucl.ac.uk if you would like more information on this research or have thoughts on the questions. Equally if you are a RISCS researcher considering engaging with policy stakeholders and would like information or support about how to do this, please get in touch.