An Adversarial Risk Analysis Framework for Cybersecurity [article]

David Rios Insua, Aitor Couce Vieira, Jose Antonio Rubio, Wolter Pieters, Katsiaryna Labunets, Daniel Garcia Rasines
2019 arXiv   pre-print
Cyber threats affect all kinds of organisations. Risk analysis is an essential methodology for cybersecurity as it allows organisations to deal with the cyber threats potentially affecting them, prioritise the defence of their assets and decide what security controls should be implemented. Many risk analysis methods are present in cybersecurity models, compliance frameworks and international standards. However, most of them employ risk matrices, which suffer shortcomings that may lead to
more » ... mal resource allocations. We propose a comprehensive framework for cybersecurity risk analysis, covering the presence of both adversarial and non-intentional threats and the use of insurance as part of the security portfolio. A case study illustrating the proposed framework is presented, serving as template for more complex cases.
arXiv:1903.07727v1 fatcat:nw4k6ucyefftvau6z4tgebasie