An adversarial risk analysis framework for cybersecurity

Risk analysis is an essential methodology for cybersecurity as it allows organizations to deal with cyber threats potentially affecting them, prioritize the defense of their assets, and decide what security controls should be implemented. Many risk analysis methods are present in cybersecurity model...

Full description

Bibliographic Details
Authors: Ríos Insua, David, Couce-Vieira, Aitor, Rubio, Jose A., Pieters, Wolter., Labunets, Katsiaryna, Rasines, Daniel G.
Format: article
Status:Versión aceptada para publicación
Publication Date:2019
Country:España
Institution:Consejo Superior de Investigaciones Científicas (CSIC)
Repository:DIGITAL.CSIC. Repositorio Institucional del CSIC
OAI Identifier:oai:digital.csic.es:10261/196561
Online Access:http://hdl.handle.net/10261/196561
Access Level:Open access
Keyword:Insurance
Analysis
Risk
Adversarial
Cyber
Cybersecurity
Resource
Allocation
Description
Summary:Risk analysis is an essential methodology for cybersecurity as it allows organizations to deal with cyber threats potentially affecting them, prioritize the defense of their assets, and decide what security controls should be implemented. Many risk analysis methods are present in cybersecurity models, compliance frameworks, and international standards. However, most of them employ risk matrices, which suffer shortcomings that may lead to suboptimal resource allocations. We propose a comprehensive framework for cybersecurity risk analysis, covering the presence of both intentional and nonintentional threats and the use of insurance as part of the security portfolio. A simplified case study illustrates the proposed framework, serving as template for more complex problems.