EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Cyber risk analysis and valuation: a new combinatorial models and systems approach

Phillip King-Wilson

International Journal of Business Continuity and Risk Management, 2017, vol. 7, issue 2, 151-178

Abstract: Cyber threat assessment requires threat identification and quantification for critical tasks such as risk management, underwriting and regulatory compliance. Traditional risk assessment models are used to determine threats, business impact and probability of a successful attack. However, analysis models exist, external to the IT security sector that can provide input to risk models to improve cloud computing applicability and error rate reduction in threat identification technologies for enhanced accuracy. Cloud computing and virtualisation have changed the cyber threat vector environment. Cloud utilisation options have new risk implications and their architectures require an alternative form of loss modelling to account for the various levels, location and utilisation at which an attack may take place. This paper proposes a combinatorial modelling and systems approach to assessing and valuing cyber threats, based upon the need to satisfy regulatory bodies to financially quantify such threats in an empirical and transparent manner. Epidemiological models for assessing error rates are combined within an extrapolation algorithm for cyber threats, increasing assessment accuracy. A cascading threat multiplier is used to reformulate traditional single loss expectancy risk models.

Keywords: network threat assessment; process interdependency; risk management; combinatorial models; systems; cyber threat valuation; business continuity; epidemiology; cascading threat multiplier; CTM; cloud computing; IT security; cyber threat prediction; regulation; compliance. (search for similar items in EconPapers)
Date: 2017
References: Add references at CitEc
Citations:

Downloads: (external link)
http://www.inderscience.com/link.php?id=86070 (text/html)
Access to full text is restricted to subscribers.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:ids:ijbcrm:v:7:y:2017:i:2:p:151-178

Access Statistics for this article

More articles in International Journal of Business Continuity and Risk Management from Inderscience Enterprises Ltd
Bibliographic data for series maintained by Sarah Parker ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:ids:ijbcrm:v:7:y:2017:i:2:p:151-178