Related papers: A Bayesian Network-Driven Zero Trust Model for Cyber Risk Quantification in Small-Medium Businesses

A Bayesian Network-Driven Zero Trust Model for Cyber Risk Quantification in Small-Medium Businesses

URL: http://arxiv.org/abs/2601.06553v1
Date: Sat, 10 Jan 2026 12:40:46 GMT
Title: A Bayesian Network-Driven Zero Trust Model for Cyber Risk Quantification in Small-Medium Businesses
Authors: Ahmed M. Abdelmagid, Barry C. Ezell, Michael McShane,
Abstract summary: Small-Medium Businesses (SMBs) are essential to global economies yet remain highly vulnerable to cyberattacks.<n>This research investigates the effectiveness of Zero Trust Architecture (ZTA) as a sustainable cybersecurity solution.<n>An integrated predictive model is developed to assess both the feasibility and risk-mitigation potential of ZTA implementation.
Score: 0.0
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Small-Medium Businesses (SMBs) are essential to global economies yet remain highly vulnerable to cyberattacks due to limited budgets, inadequate cybersecurity expertise, and underestimation of cyber risks. Their increasing reliance on digital infrastructures has expanded their attack surfaces, exposing them to sophisticated and evolving threats. Consequently, implementing proactive, adaptive security measures has become imperative. This research investigates the effectiveness of Zero Trust Architecture (ZTA) as a sustainable cybersecurity solution tailored to SMBs. While ZTA adoption has been examined broadly, the specific financial, organizational, and capability constraints of SMBs remain underexplored. This study develops an integrated predictive model to assess both the feasibility and risk-mitigation potential of ZTA implementation. The model consists of two sub-models. The first sub-model evaluates the probability of successful ZTA adoption considering implied barriers, and the second tests the effectiveness of ZTA in responding to prevalent cyberattacks. The integrated model predicts the risk level in the presence of ZTA and quantifies the uncertainty of the extent to which ZTA can enhance SMBs' cyber resilience, contributing novel insights for practitioners and stakeholders seeking to enhance compliance with policies, risk, and governance activities in SMBs.

Related papers

Leveraging the Power of Ensemble Learning for Secure Low Altitude Economy [64.39232788946173]
Low Altitude Economy (LAE) holds immense promise for enhancing societal well-being and driving economic growth.<n>This paper investigates ensemble learning for secure LAE, covering research focuses, solutions, and a case study.
arXiv Detail & Related papers (2026-02-07T23:15:58Z)
BAPO: Boundary-Aware Policy Optimization for Reliable Agentic Search [72.87861928940929]
Boundary-Aware Policy Optimization (BAPO) is a novel RL framework designed to cultivate reliable boundary awareness without compromising accuracy.<n>BAPO introduces two key components: (i) a group-based boundary-aware reward that encourages an IDK response only when the reasoning reaches its limit, and (ii) an adaptive reward modulator that strategically suspends this reward during early exploration, preventing the model from exploiting IDK as a shortcut.
arXiv Detail & Related papers (2026-01-16T07:06:58Z)
PropensityBench: Evaluating Latent Safety Risks in Large Language Models via an Agentic Approach [49.14349403242654]
We present $textbfPropensityBench$, a novel benchmark framework that assesses the proclivity of models to engage in risky behaviors.<n>Our framework includes 5,874 scenarios with 6,648 tools spanning four high-risk domains: cybersecurity, self-proliferation, biosecurity, and chemical security.<n>Across open-source and proprietary frontier models, we uncover 9 alarming signs of propensity: models frequently choose high-risk tools when under pressure.
arXiv Detail & Related papers (2025-11-24T18:46:44Z)
Unveiling Trust in Multimodal Large Language Models: Evaluation, Analysis, and Mitigation [51.19622266249408]
MultiTrust-X is a benchmark for evaluating, analyzing, and mitigating the trustworthiness issues of MLLMs.<n>Based on the taxonomy, MultiTrust-X includes 32 tasks and 28 curated datasets.<n>Our experiments reveal significant vulnerabilities in current models.
arXiv Detail & Related papers (2025-08-21T09:00:01Z)
A Survey on Autonomy-Induced Security Risks in Large Model-Based Agents [45.53643260046778]
Recent advances in large language models (LLMs) have catalyzed the rise of autonomous AI agents.<n>These large-model agents mark a paradigm shift from static inference systems to interactive, memory-augmented entities.
arXiv Detail & Related papers (2025-06-30T13:34:34Z)
Modeling Interdependent Cybersecurity Threats Using Bayesian Networks: A Case Study on In-Vehicle Infotainment Systems [0.0]
This paper reviews the application of Bayesian Networks (BNs) in cybersecurity risk modeling.<n>A case study is presented in which a STRIDE-based attack tree for an automotive In-Vehicle Infotainment (IVI) system is transformed into a BN.
arXiv Detail & Related papers (2025-05-14T01:04:45Z)
LLM Cyber Evaluations Don't Capture Real-World Risk [0.0]
Large language models (LLMs) are demonstrating increasing prowess in cybersecurity applications.<n>We argue that current efforts to evaluate risks posed by these capabilities are misaligned with the goal of understanding real-world impact.
arXiv Detail & Related papers (2025-01-31T05:33:48Z)
EARBench: Towards Evaluating Physical Risk Awareness for Task Planning of Foundation Model-based Embodied AI Agents [53.717918131568936]
Embodied artificial intelligence (EAI) integrates advanced AI models into physical entities for real-world interaction.<n>Foundation models as the "brain" of EAI agents for high-level task planning have shown promising results.<n>However, the deployment of these agents in physical environments presents significant safety challenges.<n>This study introduces EARBench, a novel framework for automated physical risk assessment in EAI scenarios.
arXiv Detail & Related papers (2024-08-08T13:19:37Z)
Threat-Informed Cyber Resilience Index: A Probabilistic Quantitative Approach to Measure Defence Effectiveness Against Cyber Attacks [0.36832029288386137]
This paper introduces the Cyber Resilience Index (CRI), a threat-informed probabilistic approach to quantifying an organisation's defence effectiveness against cyber-attacks (campaigns) Building upon the Threat-Intelligence Based Security Assessment (TIBSA) methodology, we present a mathematical model that translates complex threat intelligence into an actionable, unified metric similar to a stock market index, that executives can understand and interact with while teams can act upon.
arXiv Detail & Related papers (2024-06-27T17:51:48Z)
Risks of AI Scientists: Prioritizing Safeguarding Over Autonomy [65.77763092833348]
This perspective examines vulnerabilities in AI scientists, shedding light on potential risks associated with their misuse.<n>We take into account user intent, the specific scientific domain, and their potential impact on the external environment.<n>We propose a triadic framework involving human regulation, agent alignment, and an understanding of environmental feedback.
arXiv Detail & Related papers (2024-02-06T18:54:07Z)
Building Resilient SMEs: Harnessing Large Language Models for Cyber Security in Australia [0.0]
Small and medium-sized enterprises (SMEs) in Australia are experiencing increased vulnerability to cyber threats. Artificial Intelligence (AI), Machine Learning (ML) and Large Language Models (LLMs) can potentially strengthen cyber security policies for Australian SMEs. This study provides a comprehensive understanding of the potential role of LLMs in enhancing cyber security policies for Australian SMEs.
arXiv Detail & Related papers (2023-06-05T06:01:00Z)
A robust statistical framework for cyber-vulnerability prioritisation under partial information in threat intelligence [0.0]
This work introduces a robust statistical framework for quantitative and qualitative reasoning under uncertainty about cyber-vulnerabilities. We identify a novel accuracy measure suited for rank in variance under partial knowledge of the whole set of existing vulnerabilities. We discuss the implications of partial knowledge about cyber-vulnerabilities on threat intelligence and decision-making in operational scenarios.
arXiv Detail & Related papers (2023-02-16T15:05:43Z)

This list is automatically generated from the titles and abstracts of the papers in this site.