An Adversarial Risk Analysis Framework for Cybersecurity

An Adversarial Risk Analysis Framework for Cybersecurity

Risk analysis is an essential methodology for cybersecurity as it allows organizations to deal with cyber threats potentially affecting them, prioritize the defense of their assets, and decide what security controls should be implemented. Many risk analysis methods are present in cybersecurity model...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Risk analysis 2021-01, Vol.41 (1), p.16-36
Hauptverfasser: Rios Insua, David, Couce‐Vieira, Aitor, Rubio, Jose A., Pieters, Wolter, Labunets, Katsiaryna, G. Rasines, Daniel
Format: Artikel
Sprache:eng
Schlagworte:
Adversarial risk analysis
Computer security
cyber insurance
Cybersecurity
Insurance
International standards
Life Sciences & Biomedicine
Mathematical Methods In Social Sciences
Mathematics
Mathematics, Interdisciplinary Applications
Matrices
Original
Original s
Physical Sciences
Public, Environmental & Occupational Health
Resource allocation
Risk analysis
Risk assessment
Science & Technology
Security
Social Sciences
Social Sciences, Mathematical Methods
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Risk analysis is an essential methodology for cybersecurity as it allows organizations to deal with cyber threats potentially affecting them, prioritize the defense of their assets, and decide what security controls should be implemented. Many risk analysis methods are present in cybersecurity models, compliance frameworks, and international standards. However, most of them employ risk matrices, which suffer shortcomings that may lead to suboptimal resource allocations. We propose a comprehensive framework for cybersecurity risk analysis, covering the presence of both intentional and nonintentional threats and the use of insurance as part of the security portfolio. A simplified case study illustrates the proposed framework, serving as template for more complex problems.
ISSN:0272-4332
1539-6924
DOI:10.1111/risa.13331