Cyber risk assessment: a pragmatic approach / Rafaiani, Giulia; Battaglioni, Massimo; Baldi, Marco; Chiaraluce, Franco. - ELECTRONIC. - (2021). (Paper presented at the conference The 1st International Conference on Information Technologies and Educational Engineering (ICITEE21), held in Tirana, Albania, on 19-20 Nov. 2021).
Cyber risk assessment: a pragmatic approach
Giulia Rafaiani; Massimo Battaglioni; Marco Baldi; Franco Chiaraluce
2021-01-01
Abstract
Nowadays, cyber security plays a crucial role for any organization. National and international data protection regulations require particular attention to cyber risk assessment and cyber risk management. Many efforts have been devoted to the development of efficient tools and methods for cyber risk assessment. However, existing methodologies often lack straightforwardness, and their implementation is difficult in real case scenarios. The aim of this paper is to provide an intuitive but quantitative model to estimate the likelihood of occurrence of a cyber threat in a certain period of time. Then, a cyber risk index can be obtained by multiplying such a quantity by the impact of the corresponding threat. Our model combines maturity and complexity indexes with the attractiveness of the considered organization by exploiting a generalized logistic function and the properties of conditional probabilities. Numerical examples are provided to confirm the practicality of the method.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.