A Multivariate Model to Quantify and Mitigate Cybersecurity Risk

Authors: Mark Bentley, Alec Stephenson, Peter Toscas, Zili Zhu

DOI: 10.3390/RISKS8020061

Abstract: The cost of cybersecurity incidents is large and growing. However, conventional methods for measuring loss and choosing mitigation strategies use simplifying assumptions and are often not supported by cyber attack data. In this paper, we present a multivariate model for different, dependent types of attack and the effect of mitigation strategies on those attacks. Utilising collected cyber attack data and assumptions on mitigation approaches, we look at an example of using the model to optimise the choice of mitigations. We find that the optimal choice of mitigations will depend on the goal—to prevent extreme damages or damage on average. Numerical experiments suggest the dependence aspect is important and can alter final risk estimates by as much as 30%. The methodology can be used to quantify the cost of cyber attacks and support decision making on the choice of optimal mitigation strategies.
