An Adversarial Risk Analysis Framework for Cybersecurity

David Rios Insua*, Aitor Couce-Vieira, Jose A. Rubio, Wolter Pieters, Katsiaryna Labunets, Daniel G. Rasines

*Corresponding author for this work

Research output: Contribution to journal › Article › Scientific › peer-review

41 Citations (Scopus)
182 Downloads (Pure)

Abstract

Risk analysis is an essential methodology for cybersecurity as it allows organizations to deal with cyber threats potentially affecting them, prioritize the defense of their assets, and decide what security controls should be implemented. Many risk analysis methods are present in cybersecurity models, compliance frameworks, and international standards. However, most of them employ risk matrices, which suffer shortcomings that may lead to suboptimal resource allocations. We propose a comprehensive framework for cybersecurity risk analysis, covering the presence of both intentional and nonintentional threats and the use of insurance as part of the security portfolio. A simplified case study illustrates the proposed framework, serving as template for more complex problems.

Original language: English
Pages (from-to): 16-36
Number of pages: 21
Journal: Risk Analysis
Volume: 41
Issue number: 1
Publication status: Published - 2019

Keywords

  • Adversarial risk analysis
  • cyber insurance
  • cybersecurity
  • resource allocation
  • risk analysis
