Related papers: QBER: Quantifying Cyber Risks for Strategic Decisions

QBER: Quantifying Cyber Risks for Strategic Decisions

URL: http://arxiv.org/abs/2405.03513v1
Date: Mon, 6 May 2024 14:25:58 GMT
Title: QBER: Quantifying Cyber Risks for Strategic Decisions
Authors: Muriel Figueredo Franco, Aiatur Rahaman Mullick, Santosh Jha,
Abstract summary: We introduce QBER approach to offer decision-makers measurable risk metrics. The QBER evaluates losses from cyberattacks, performs detailed risk analyses based on existing cybersecurity measures, and provides thorough cost assessments. Our contributions involve outlining cyberattack probabilities and risks, identifying Technical, Economic, and Legal (TEL) impacts, creating a model to gauge impacts, suggesting risk mitigation strategies, and examining trends and challenges in implementing widespread Cyber Risk Quantification (CRQ)
Score: 0.0
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Quantifying cyber risks is essential for organizations to grasp their vulnerability to threats and make informed decisions. However, current approaches still need to work on blending economic viewpoints to provide insightful analysis. To bridge this gap, we introduce QBER approach to offer decision-makers measurable risk metrics. The QBER evaluates losses from cyberattacks, performs detailed risk analyses based on existing cybersecurity measures, and provides thorough cost assessments. Our contributions involve outlining cyberattack probabilities and risks, identifying Technical, Economic, and Legal (TEL) impacts, creating a model to gauge impacts, suggesting risk mitigation strategies, and examining trends and challenges in implementing widespread Cyber Risk Quantification (CRQ). The QBER approach serves as a guided approach for organizations to assess risks and strategically invest in cybersecurity.

Related papers

AI security and cyber risk in IoT systems [9.461216629856853]
We present a dependency model tailored to the context of current challenges in data strategies. The model can be used for cyber risk estimation and assessment and generic risk impact assessment.
arXiv Detail & Related papers (2024-10-11T18:54:02Z)
Cyber Risk Taxonomies: Statistical Analysis of Cybersecurity Risk Classifications [0.0]
We argue in favour of switching the attention from goodness-of-fit and in-sample performance, to focusing on the out-of sample forecasting performance. Our results indicate that business motivated cyber risk classifications appear to be too restrictive and not flexible enough to capture the heterogeneity of cyber risk events.
arXiv Detail & Related papers (2024-10-04T04:12:34Z)
Disentangling the sources of cyber risk premia [0.0]
We use a machine learning algorithm to quantify firms' cyber risks based on their disclosures and a dedicated cyber corpus. The model can identify paragraphs related to determined cyber-threat types and accordingly attribute several related cyber scores to the firm. Stocks with high cyber scores significantly outperform other stocks.
arXiv Detail & Related papers (2024-09-13T11:30:42Z)
Risks and NLP Design: A Case Study on Procedural Document QA [52.557503571760215]
We argue that clearer assessments of risks and harms to users will be possible when we specialize the analysis to more concrete applications and their plausible users. We conduct a risk-oriented error analysis that could then inform the design of a future system to be deployed with lower risk of harm and better performance.
arXiv Detail & Related papers (2024-08-16T17:23:43Z)
Threat-Informed Cyber Resilience Index: A Probabilistic Quantitative Approach to Measure Defence Effectiveness Against Cyber Attacks [0.36832029288386137]
This paper introduces the Cyber Resilience Index (CRI), a threat-informed probabilistic approach to quantifying an organisation's defence effectiveness against cyber-attacks (campaigns) Building upon the Threat-Intelligence Based Security Assessment (TIBSA) methodology, we present a mathematical model that translates complex threat intelligence into an actionable, unified metric similar to a stock market index, that executives can understand and interact with while teams can act upon.
arXiv Detail & Related papers (2024-06-27T17:51:48Z)
ABI Approach: Automatic Bias Identification in Decision-Making Under Risk based in an Ontology of Behavioral Economics [46.57327530703435]
Risk seeking preferences for losses, driven by biases such as loss aversion, pose challenges and can result in severe negative consequences. This research introduces the ABI approach, a novel solution designed to support organizational decision-makers by automatically identifying and explaining risk seeking preferences.
arXiv Detail & Related papers (2024-05-22T23:53:46Z)
Risk-reducing design and operations toolkit: 90 strategies for managing risk and uncertainty in decision problems [65.268245109828]
This paper develops a catalog of such strategies and develops a framework for them. It argues that they provide an efficient response to decision problems that are seemingly intractable due to high uncertainty. It then proposes a framework to incorporate them into decision theory using multi-objective optimization.
arXiv Detail & Related papers (2023-09-06T16:14:32Z)
RCVaR: an Economic Approach to Estimate Cyberattacks Costs using Data from Industry Reports [8.45831177335402]
This article introduces the Real Cyber Value at Risk (RCVaR), an economical approach for estimating cybersecurity costs. RCVaR identifies the most significant cyber risk factors from various sources and combines their quantitative results to estimate specific cyberattacks costs for companies.
arXiv Detail & Related papers (2023-07-20T17:52:47Z)
Model evaluation for extreme risks [46.53170857607407]
Further progress in AI development could lead to capabilities that pose extreme risks, such as offensive cyber capabilities or strong manipulation skills. We explain why model evaluation is critical for addressing extreme risks.
arXiv Detail & Related papers (2023-05-24T16:38:43Z)
On the Security Risks of Knowledge Graph Reasoning [71.64027889145261]
We systematize the security threats to KGR according to the adversary's objectives, knowledge, and attack vectors. We present ROAR, a new class of attacks that instantiate a variety of such threats. We explore potential countermeasures against ROAR, including filtering of potentially poisoning knowledge and training with adversarially augmented queries.
arXiv Detail & Related papers (2023-05-03T18:47:42Z)
Graph Mining for Cybersecurity: A Survey [61.505995908021525]
The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, caused severe consequences on society. Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities. With the proliferation of graph mining techniques, many researchers investigated these techniques for capturing correlations between cyber entities and achieving high performance.
arXiv Detail & Related papers (2023-04-02T08:43:03Z)

This list is automatically generated from the titles and abstracts of the papers in this site.