Assessing and forecasting cybersecurity impacts

Cyberattacks constitute a major threat to most organizations. Beyond financial consequences, they may entail multiple impacts that need to be taken into account when making risk management decisions to allocate the required cybersecurity resources. Experts have traditionally focused on a technical p...

Descripción completa

Detalles Bibliográficos
Autores: Couce-Vieira, Aitor, Insua, David Rios, Kosgodagan, Alex
Tipo de recurso: artículo
Fecha de publicación:2020
País:España
Institución:Consejo Superior de Investigaciones Científicas (CSIC)
Repositorio:DIGITAL.CSIC. Repositorio Institucional del CSIC
OAI Identifier:oai:digital.csic.es:10261/347765
Acceso en línea:http://hdl.handle.net/10261/347765
https://api.elsevier.com/content/abstract/scopus_id/85098555888
Access Level:acceso abierto
Palabra clave:Cybersecurity
Expert judgement
Forecasting
Multiattribute utility
Risk management
Descripción
Sumario:Cyberattacks constitute a major threat to most organizations. Beyond financial consequences, they may entail multiple impacts that need to be taken into account when making risk management decisions to allocate the required cybersecurity resources. Experts have traditionally focused on a technical perspective of the problem by considering impacts in relation with the confidentiality, integrity, and availability of information. We adopt a more comprehensive approach identifying a broader set of generic cybersecurity objectives, the corresponding set of attributes, and relevant forecasting and assessment models. These are used as basic ingredients for decision support in cybersecurity risk management.