Cyber risk assessment is one of the top priorities of modern organizations and companies, owing to the massive amount of data they process on a daily basis and to the increasing number of successful cyber attacks. The probability of occurrence of these cyber incidents can be estimated by means of statistical tools, which exploit numerical categories to compute the probability that the organization will be breached by one or more cyber attacks. However, these approaches rely heavily on experts' estimates and/or on past data, which are not always available. In this paper we show that, by exploiting machine learning tools, cyber risk can be assessed by using some easily obtainable parameters (called maturity, complexity, attractiveness) representing the cyber posture of the organization under examination. To validate the method we propose, we apply it to three organizations in the healthcare sector having different values of maturity and complexity. The results highlight how the model can be successfully used to assign each organization a class of cyber risk, even in a crucial sector such as healthcare.
A Machine Learning-based Method for Cyber Risk Assessment / Rafaiani, Giulia; Battaglioni, Massimo; Compagnoni, Simone; Senigagliesi, Linda; Chiaraluce, Franco; Baldi, Marco. - ELECTRONIC. - (2023), pp. 263-268. (Paper presented at the IEEE 36th International Symposium on Computer Based Medical Systems (CBMS) 2023, held in L'Aquila, Italy, on 22-24 June) [10.1109/CBMS58004.2023.00228].
A Machine Learning-based Method for Cyber Risk Assessment
Giulia Rafaiani; Massimo Battaglioni; Linda Senigagliesi; Franco Chiaraluce; Marco Baldi
2023-01-01