Information security has become a crucial issue not only from the technical standpoint, but also from the managerial standpoint. The necessity for organizations to understand and manage cyber risk has led to the rise of a plethora of risk assessment methods and tools. These approaches are often difficult to interpret and complex to manage for organizations. In this paper, we propose a simple and quantitative method for the estimation of the likelihood of occurrence of a cyber incident. Our approach uses a generalized logistic function and a cumulative geometric distribution to combine the maturity and the complexity of the technical infrastructure of an organization with its attractiveness towards cyber criminals.
A functional approach to cyber risk assessment / Rafaiani, Giulia; Battaglioni, Massimo; Baldi, Marco; Chiaraluce, Franco; Libertini, Giovanni; Spalazzi, Luca; Cancellieri, Giovanni. - ELETTRONICO. - (2021). (Intervento presentato al convegno AEIT 2021 International Annual Conference tenutosi a Virtual Event nel 4/8 October 2021) [10.23919/AEIT53387.2021.9626970].
A functional approach to cyber risk assessment
Giulia Rafaiani
;Massimo Battaglioni
;Marco Baldi;Franco Chiaraluce;Luca Spalazzi;Giovanni Cancellieri
2021-01-01
Abstract
Information security has become a crucial issue not only from the technical standpoint, but also from the managerial standpoint. The necessity for organizations to understand and manage cyber risk has led to the rise of a plethora of risk assessment methods and tools. These approaches are often difficult to interpret and complex to manage for organizations. In this paper, we propose a simple and quantitative method for the estimation of the likelihood of occurrence of a cyber incident. Our approach uses a generalized logistic function and a cumulative geometric distribution to combine the maturity and the complexity of the technical infrastructure of an organization with its attractiveness towards cyber criminals.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
