摘要:I. Introduction II. The Concept of Stovepiping III. Stovepiping in Cybersecurity ... A. Policy Making, Complexity, and Change ... B. Complex Passwords: A Case Study ... 1. Fundamentals of Password Complexity ... 2. “Guessability”—the False Assumption ... a. Password Guessing via Authentication (Login) Interfaces ... b. Password Guessing via Unprotected/Unsanitized Service ... c. Offline Password Attacks ... 3. “Defense in Depth”—Measuring Marginal Benefit IV. Implications of the Stovepiping Disjuncture ... A. Addressing the Same Question … B. Overcoming Policy Entrenchment ... C. Risk-Analytic Framework for Cybersecurity V. Conclusion
