An Adversarial Risk Analysis Framework for Cybersecurity
David Ríos Insua (Consejo Superior de Investigaciones Científicas CSIC)
Aitor Couce-Vieira (Consejo Superior de Investigaciones Científicas CSIC)
Jose A. Rubio (Universidad Complutense de Madrid)
W. Pieters (TU Delft - Organisation & Governance)
Katiaryna Labunets (TU Delft - Organisation & Governance)
Daniel G. Rasines (Imperial College London)
Abstract
Risk analysis is an essential methodology for cybersecurity as it allows organizations to deal with cyber threats potentially affecting them, prioritize the defense of their assets, and decide what security controls should be implemented. Many risk analysis methods are present in cybersecurity models, compliance frameworks, and international standards. However, most of them employ risk matrices, which suffer shortcomings that may lead to suboptimal resource allocations. We propose a comprehensive framework for cybersecurity risk analysis, covering the presence of both intentional and nonintentional threats and the use of insurance as part of the security portfolio. A simplified case study illustrates the proposed framework, serving as a template for more complex problems.