CCE Theses and Dissertations

Date of Award


Document Type


Degree Name

Doctor of Philosophy (PhD)


College of Computing and Engineering


Gertrude W. Abramson

Committee Member

Steven R. Terrell

Committee Member

Kim Round


cloud security, cyber key terrain, cybersecurity, mission mapping, risk management framework, terrain analysis


Key terrain is a concept that is relevant to warfare, military strategy, and tactics. A good general maps out terrain to identify key areas to protect in support of a mission (i.e., a bridge allowing for mobility of supplies and reinforcements). Effective ways to map terrain in Cyberspace (KT-C) has been an area of interest for researchers in Cybersecurity ever since the Department of Defense designated Cyberspace as a warfighting domain. The mapping of KT-C for a mission is accomplished by putting forth efforts to understand and document a mission's dependence on Cyberspace and cyber assets. A cloud Cybersecurity Service Provider (CSSP) continuously monitors the network infrastructure of an information system in the cloud ensuring its security posture is within acceptable risk. This research is focused on mapping the key terrain that supports the continuous monitoring mission of a cloud CSSP.

Traditional methods to map KT-C have been broad. Success has been difficult to achieve due to the unique nature of the Cyberspace domain when compared to traditional warfighting domains. This work focuses on a specific objective or mission within cyberspace. It is a contextual approach to identify and map key terrain in cyberspace. Mapping is accomplished through empirical surveys conducted on Cybersecurity professionals with various years of experience working in a cloud or CSSP environment. The background of the Cybersecurity professionals participating in the survey will include United States Government personnel/contractors, and other Cybersecurity practitioners in the private sector. This process provided an approach to identify and map key terrain in a contextual manner specific to the mission of a typical cloud CSSP. Practitioners can use it as a template for their specific cloud CSSP mission.