
Risk Assessment Uncertainties in Cybersecurity Investments

Andrew Fielder, Sandra König, Emmanouil Panaousis, Stefan Schauer, Stefan Rass
2018 Games  
Existing models empower organizations to compute optimal cybersecurity strategies given their financial constraints, i.e., available cybersecurity budget.  ...  the final expected loss of the organization when utilising a game-theoretic model and methodology to derive these strategies.  ...  A solution Ψ takes exactly one solution (i.e., equilibrium or cybersecurity plan) for each control as a policy for implementation.  ... 
doi:10.3390/g9020034 fatcat:aciusom2ubatdk273mhht7dshm

Cybersecurity Games and Investments: A Decision Support Approach [chapter]

Emmanouil Panaousis, Andrew Fielder, Pasquale Malacaria, Chris Hankin, Fabrizio Smeraldi
2014 Lecture Notes in Computer Science  
We believe our work can be used to advise security managers on how they should spend an available cybersecurity budget given their organization profile.  ...  To this end, we first model the cybersecurity environment of an organization.  ...  In fact, in this paper we model this cybersecurity investment optimization problem as a 0-1 Multiple-Choice Multi-Objective Knapsack Problem.  ... 
doi:10.1007/978-3-319-12601-2_15 fatcat:5jt5ttzsgzdldbktvx6ttmcray

A framework for incorporating insurance in critical infrastructure cyber risk strategies

Derek Young, Juan Lopez, Mason Rice, Benjamin Ramsey, Robert McTasney
2016 International Journal of Critical Infrastructure Protection  
The framework implements optimization techniques to suggest levels of investment for both cybersecurity and insurance for critical infrastructure owners and operators.  ...  Critical infrastructure owners and operators want to minimize their cyber risk and expenditures on cybersecurity.  ...  Acknowledgements I would like to thank LTC Mason Rice, Maj Benjamin Ramsey and Dr. Robert Mactasney for all the insight and guidance that was provided throughout the course of this research.  ... 
doi:10.1016/j.ijcip.2016.04.001 fatcat:44zrkcravnetvaob5zdxfqyvby

Cyber Risk Assessment for Capital Management [article]

Wing Fung Chong, Runhuan Feng, Hins Hu, Linfeng Zhang
2022 arXiv   pre-print
This paper presents a novel model to capture these unique dynamics of cyber risk known from engineering and to model loss distributions based on industry loss data and a particular company's cybersecurity  ...  The analysis leads to a new tool for allocating resources of the company between cybersecurity investments and loss-absorbing reserves.  ...  Acknowledgments Wing Fung Chong, Runhuan Feng, Hins Hu, and  ... 
arXiv:2205.08435v2 fatcat:zp23j56zi5fellstpwztljxcna

Enterprise-oriented Cybersecurity Management

Tomasz Chmielecki, Piotr Chołda, Piotr Pacyna, Paweł Potrawka, Norbert Rapacz, Rafał Stankiewicz, Piotr Wydrych
2014 Proceedings of the 2014 Federated Conference on Computer Science and Information Systems  
In this paper, we present a view on cybersecurity management as an enterprise-centered process, and we advocate the use of enterprise architecture in security management.  ...  A set of useful frameworks and tools is presented and discussed.  ...  A fragment of an example cybersecurity meta-model is shown in Fig. 2 (see for instance [7] for an alternative model).  ... 
doi:10.15439/2014f38 dblp:conf/fedcsis/ChmieleckiCPPRSW14 fatcat:y2jr33mrg5avxmvqyigfievrmu

An Adversarial Risk Analysis Framework for Cybersecurity

David Rios Insua, Aitor Couce‐Vieira, Jose A. Rubio, Wolter Pieters, Katsiaryna Labunets, Daniel G. Rasines
2019 Risk Analysis  
Many risk analysis methods are present in cybersecurity models, compliance frameworks, and international standards.  ...  We propose a comprehensive framework for cybersecurity risk analysis, covering the presence of both intentional and nonintentional threats and the use of insurance as part of the security portfolio.  ...  Fig. 3. Cybersecurity risk management. We add to Fig. 4. Cyber insurance for cybersecurity risk management.  ... 
doi:10.1111/risa.13331 pmid:31183890 fatcat:3rpykbvks5c3bfajpu5dehblte

An Adversarial Risk Analysis Framework for Cybersecurity [article]

David Rios Insua, Aitor Couce Vieira, Jose Antonio Rubio, Wolter Pieters, Katsiaryna Labunets, Daniel Garcia Rasines
2019 arXiv   pre-print
Many risk analysis methods are present in cybersecurity models, compliance frameworks and international standards.  ...  We propose a comprehensive framework for cybersecurity risk analysis, covering the presence of both adversarial and non-intentional threats and the use of insurance as part of the security portfolio.  ...  ) to assess the cost effectiveness of a cybersecurity budget [15, 37].  ... 
arXiv:1903.07727v1 fatcat:nw4k6ucyefftvau6z4tgebasie

Systematically Understanding Cybersecurity Economics: A Survey

Mazaher Kianpour, Stewart J. Kowalski, Harald Øverby
2021 Sustainability  
Insights in the field of cybersecurity economics empower decision makers to make informed decisions that improve their evaluation and management of situations that may lead to catastrophic consequences  ...  models.  ...  Acknowledgments: The authors greatly appreciate the thoughtful comments and suggestions of the anonymous reviewers. Conflicts of Interest: The authors declare no conflict of interest.  ... 
doi:10.3390/su132413677 fatcat:x2had2s5rbebzk63uss6surti4

Risk Management Using Cyber-Threat Information Sharing and Cyber-Insurance [chapter]

Deepak K. Tosh, Sachin Shetty, Shamik Sengupta, Jay P. Kesan, Charles A. Kamhoua
2017 Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering  
We model a standard game theoretic participation model for cybersecurity information exchange (CYBEX) and discuss the applicability of economic tools in addressing important issues related to CYBEX and  ...  We also pose several open research challenges, which need to be addressed for developing a robust cyber-risk management capability.  ...  The Cybersecurity National Action Plan (CNAP) from U.S. government was proposed in the year 2016 to come up with long-term strategies for fostering cybersecurity awareness, maintain public safety, and  ... 
doi:10.1007/978-3-319-67540-4_14 fatcat:6qfnk3n225d2zbnfayv6pztjui

A Socio-technical Systems Approach to Design and Support Systems Thinking in Cybersecurity and Risk Management Education

Erjon Zoto, Mazaher Kianpour, Stewart James Kowalski, Edgar Alonso Lopez-Rojas
2019 Complex Systems Informatics and Modeling Quarterly  
There is a gap between what companies and institutions plan to do while developing their internal IS-related policies and what should be done according to a multi-stakeholder system perspective in this  ...  Cybersecurity decisions are made across a range of social, technical, economic, regulatory and political domains.  ...  due to cyber-attacks, 3) plan, formulate and make different risk quantification analyses for managing cases of cyber events, and 4) evaluate return on investment for information security spending.  ... 
doi:10.7250/csimq.2019-18.04 fatcat:jc4gkydhcjgjxohx6lfap5akee

Optimum Spending on Cybersecurity Measures: Part II

Sherita Tara Kissoon
2021 Journal of Information Security  
This research resulted in the development of a cyber risk investment model and a digital cybersecurity risk management framework.  ...  digital cyber risk model: 1) technology landscape and application portfolio; 2) data centric focus; 3) risk management practices; 4) cost-benefit analysis for cybersecurity measures; and 5) strategic  ...  Combining this idea with a constructionist position would allow for many different realities, facilitating a research design that would gather multiple viewpoints.  ... 
doi:10.4236/jis.2021.121007 fatcat:jr4tit6sdrdcbphisq3dhvtcbe

Field trial with tactical bubbles for mission critical communications

Marjo Heikkilä, Pekka Koskela, Jani Suomalainen, Kalle Lähetkangas, Tero Kippola, Pentti Eteläaho, Juha Erkkilä, Ari Pouttu
2021 Transactions on Emerging Telecommunications Technologies  
The performance and coverage of the tactical bubbles are evaluated in a trial, which represents authorities' search operations in a rural environment with hills, forests, and swamps.  ...  Main research and development interest of 5G and beyond systems are focusing on solution for populated and hot spot areas, but public safety authorities need reliable communication solutions in rural and  ...  The authors would like to thank Heidi Kaartinen and Ossi Saukko for helping us with data visualization.  ... 
doi:10.1002/ett.4385 fatcat:wceczfa2m5epbn4a6afveygtda

Manage Risk in the Language of Business [chapter]

Dan Blum
2020 Rational Cybersecurity for Business  
Malcolm Harkins, CISO Businesses have different ways of holding business leaders accountable for risk, and multiple models can work provided that the idea of managing risk tightly has top-level support  ...  31000 Risk Management In the ISO model, security and business leadership first set the context for risk.  ...  If the business doesn't yet have a formal information risk management program, look for improvement objectives in the section "Establish the Context for the Risk Program."  ... 
doi:10.1007/978-1-4842-5952-8_5 fatcat:gh3ueur3ibg37lpyw6xzpbz63q

Institute Resilience Through Detection, Response, and Recovery [chapter]

Dan Blum
2020 Rational Cybersecurity for Business  
It should be managed by a dedicated group (or person) that coordinates closely with security operations, legal, HR, and other functions.  ...  Businesses should develop response plans for common types of incidents and for potential incidents from top risk scenarios.  ...  Plan for Incident Response Recall from the "Develop Contingency Plans and Cybersecurity Strategy for Resilience" section that the cybersecurity strategy should set directions for both IR and monitoring  ... 
doi:10.1007/978-1-4842-5952-8_9 fatcat:52wtkyvlsvbv3d7kwcjmqlbl7e

Strengthening Cybersecurity with Cyber Insurance Markets and Better Risk Assessment

Jay P. Kesan, Carol Mullins Hayes
2017 Social Science Research Network  
NEED FOR A NEW, COMPREHENSIVE MODEL Cybersecurity is a crisis of our time.  ...  recommendations about recovery planning and how to implement and manage recovery plans. 97 Through the Cybersecurity Framework, the government has provided the private sector with centralized information  ...  While settlements did not account for a large number of our cases, over 26% of the cases we analyzed that examined personal or advertising injury provisions (Coverage B) ended in settlement.  ... 
doi:10.2139/ssrn.2924854 fatcat:n6wp3fytufcqhoyl327cu6e6le