An Adversarial Risk Analysis Framework for Cybersecurity

Journal article (2019)

Authors

David Rios Insua Spanish National Research Council

Aitor Couce-Vieira Spanish National Research Council

Jose A. Rubio Universidad Complutense de Madrid

W. Pieters Organisation & Governance -

K. Labunets Organisation & Governance -

Daniel G. Rasines Imperial College London

Research Group

Organisation & Governance () (TU Delft)

DOI: https://doi.org/10.1111/risa.13331

Cybersecurity Resource allocation Risk analysis Cyber insurance Adversarial risk analysis

To reference this document use:

http://resolver.tudelft.nl/uuid:54f5a119-c4c9-4665-a085-a78f25479837

More Info

expand_more

Published Date

2019

Language

English

Faculty

Technology, Policy and Management

Department

Multi Actor Systems

Research Group

Organisation & Governance

Abstract

Risk analysis is an essential methodology for cybersecurity as it allows organizations to deal with cyber threats potentially affecting them, prioritize the defense of their assets, and decide what security controls should be implemented. Many risk analysis methods are present in cybersecurity models, compliance frameworks, and international standards. However, most of them employ risk matrices, which suffer shortcomings that may lead to suboptimal resource allocations. We propose a comprehensive framework for cybersecurity risk analysis, covering the presence of both intentional and nonintentional threats and the use of insurance as part of the security portfolio. A simplified case study illustrates the proposed framework, serving as template for more complex problems.

Files

Insua_et_al_2019_Risk_Analysis... (.pdf)

(.pdf | 1.09 Mb)