Affordable Access

Access to the full text

A Multivariate Model to Quantify and Mitigate Cybersecurity Risk

Authors
  • bentley, mark
  • stephenson, alec
  • toscas, peter
  • zhu, zili
Publication Date
Jun 04, 2020
Identifiers
DOI: 10.3390/risks8020061
OAI: oai:mdpi.com:/2227-9091/8/2/61/
Source
MDPI
Keywords
Language
English
License
Green
External links

Abstract

The cost of cybersecurity incidents is large and growing. However, conventional methods for measuring loss and choosing mitigation strategies use simplifying assumptions and are often not supported by cyber attack data. In this paper, we present a multivariate model for different, dependent types of attack and the effect of mitigation strategies on those attacks. Utilising collected cyber attack data and assumptions on mitigation approaches, we look at an example of using the model to optimise the choice of mitigations. We find that the optimal choice of mitigations will depend on the goal&mdash / to prevent extreme damages or damage on average. Numerical experiments suggest the dependence aspect is important and can alter final risk estimates by as much as 30%. The methodology can be used to quantify the cost of cyber attacks and support decision making on the choice of optimal mitigation strategies.

Report this publication

Statistics

Seen <100 times