Print Email Facebook Twitter An Adversarial Risk Analysis Framework for Cybersecurity Title An Adversarial Risk Analysis Framework for Cybersecurity Author Rios Insua, David (Spanish National Research Council) Couce-Vieira, Aitor (Spanish National Research Council) Rubio, Jose A. (Universidad Complutense de Madrid) Pieters, W. (TU Delft Organisation & Governance) Labunets, K. (TU Delft Organisation & Governance) G. Rasines, Daniel (Imperial College London) Date 2019 Abstract Risk analysis is an essential methodology for cybersecurity as it allows organizations to deal with cyber threats potentially affecting them, prioritize the defense of their assets, and decide what security controls should be implemented. Many risk analysis methods are present in cybersecurity models, compliance frameworks, and international standards. However, most of them employ risk matrices, which suffer shortcomings that may lead to suboptimal resource allocations. We propose a comprehensive framework for cybersecurity risk analysis, covering the presence of both intentional and nonintentional threats and the use of insurance as part of the security portfolio. A simplified case study illustrates the proposed framework, serving as template for more complex problems. Subject Adversarial risk analysiscyber insurancecybersecurityresource allocationrisk analysis To reference this document use: http://resolver.tudelft.nl/uuid:54f5a119-c4c9-4665-a085-a78f25479837 DOI https://doi.org/10.1111/risa.13331 ISSN 0272-4332 Source Risk Analysis: an international journal, 41 (1), 16-36 Part of collection Institutional Repository Document type journal article Rights © 2019 David Rios Insua, Aitor Couce-Vieira, Jose A. Rubio, W. Pieters, K. Labunets, Daniel G. Rasines Files PDF Insua_et_al_2019_Risk_Analysis.pdf 1.09 MB Close viewer /islandora/object/uuid:54f5a119-c4c9-4665-a085-a78f25479837/datastream/OBJ/view