Cyber risk analysis and valuation: a new combinatorial models and systems approach Online publication date: Thu, 17-Aug-2017
by Phillip King-Wilson
International Journal of Business Continuity and Risk Management (IJBCRM), Vol. 7, No. 2, 2017
Abstract: Cyber threat assessment requires threat identification and quantification for critical tasks such as risk management, underwriting and regulatory compliance. Traditional risk assessment models are used to determine threats, business impact and probability of a successful attack. However, analysis models exist, external to the IT security sector that can provide input to risk models to improve cloud computing applicability and error rate reduction in threat identification technologies for enhanced accuracy. Cloud computing and virtualisation have changed the cyber threat vector environment. Cloud utilisation options have new risk implications and their architectures require an alternative form of loss modelling to account for the various levels, location and utilisation at which an attack may take place. This paper proposes a combinatorial modelling and systems approach to assessing and valuing cyber threats, based upon the need to satisfy regulatory bodies to financially quantify such threats in an empirical and transparent manner. Epidemiological models for assessing error rates are combined within an extrapolation algorithm for cyber threats, increasing assessment accuracy. A cascading threat multiplier is used to reformulate traditional single loss expectancy risk models.
Online publication date: Thu, 17-Aug-2017
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Business Continuity and Risk Management (IJBCRM):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.If you still need assistance, please email email@example.com