 A framework for quantifying cyber security risksReinder Wolthuis,
Frank Phillipson,
Hidde-Jan Jongsma and
Peter Langenkamp
Cyber Security: A Peer-Reviewed Journal, 2021, vol. 4, issue 4, 302-316 Abstract: Recent years have seen an increasing amount of information becoming available which is of benefit to the security risk process. Traditionally, security risk management is an asset-based, qualitative process based on expert opinion and information at hand; periodically a group of experts assesses applicable risks and determines correct risk levels and whether new risks should be added to the list. This paper proposes a threat-based, traceable quantitative risk management approach that uses current information to quantify risks. This leads to a near real-time risk process, where available information is processed, and the risks are automatically updated. The approach was tested in practice at the main banks in the Netherlands. Keywords: quantified cyber security; Bayesian belief network; real-time monitoring; model based (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:aza:csj000:y:2021:v:4:i:4:p:302-316 Access Statistics for this article More articles in Cyber Security: A Peer-Reviewed Journal from Henry Stewart Publications |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.