An adversarial risk analysis framework for cybersecurity


Bibliographic Details
Authors: Ríos Insua, David; Couce-Vieira, Aitor; Rubio, Jose A.; Pieters, Wolter; Labunets, Katsiaryna; Rasines, Daniel G.
Resource type: article
Status: Accepted version for publication
Publication date: 2019
Country: Spain
Institution: Consejo Superior de Investigaciones Científicas (CSIC)
Repository: DIGITAL.CSIC. Repositorio Institucional del CSIC
OAI Identifier: oai:digital.csic.es:10261/196561
Online access: http://hdl.handle.net/10261/196561
Access level: open access
Keywords: Insurance
Analysis
Risk
Adversarial
Cyber
Cybersecurity
Resource
Allocation
Description
Summary: Risk analysis is an essential methodology for cybersecurity as it allows organizations to deal with cyber threats potentially affecting them, prioritize the defense of their assets, and decide what security controls should be implemented. Many risk analysis methods are present in cybersecurity models, compliance frameworks, and international standards. However, most of them employ risk matrices, which suffer shortcomings that may lead to suboptimal resource allocations. We propose a comprehensive framework for cybersecurity risk analysis, covering the presence of both intentional and nonintentional threats and the use of insurance as part of the security portfolio. A simplified case study illustrates the proposed framework, serving as a template for more complex problems.