A Novel Approach to Cyber Risk Quantification for Enterprise Decision


Chetan Prakash Ratnawat

Abstract

Enterprise cyber risk governance has settled into a rut of broadly qualitative maturity ratings and scores that carry little financial relevance or decision-making usefulness. As digital systems and infrastructures grow more complex, with the emergence of cloud-native systems, distributed systems and sophisticated third-party ecosystems, a more financially focused picture of cyber risk is required, one compatible with existing enterprise-wide risk management systems. This paper describes a quantitative cyber risk model structured around financial quantification of assets, probabilistic frequency analysis of threats, a vulnerability exposure index, a loss propagation model with dependency modification, and stochastic simulation of annualized loss distributions. We formalize cyber exposure as a financial function under uncertainty, which in turn supports stress testing, capital allocation optimization and insurance calibration. An out-of-province case study from the financial industry indicates that the framework differentiates exposure, exposes tail risk and prioritizes mitigation better than standard heat-map techniques. The framework provides a falsifiable and economically understandable basis for enterprise cyber governance.
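The abstract lists the model's building blocks (financial asset values, Poisson-style threat frequencies, an exposure index, dependency-modified loss propagation, and stochastic simulation of the annualized loss distribution). The toy Monte Carlo below is an added illustration of how those blocks fit together, not the paper's own model or code; the portfolio is constructed, and the per-event loss rule (exposure index times asset value, capped at the asset value) and the one-hop propagation fractions are assumptions chosen for the illustration.

```python
import math
import random
from statistics import mean, quantiles

# Constructed sample portfolio (not from the paper): value in USD, annual
# threat frequency (Poisson rate), exposure index = fraction of value lost
# per successful event.
ASSETS = {
    "payments_api": {"value": 4_000_000, "rate": 0.8, "exposure": 0.15},
    "customer_db":  {"value": 6_000_000, "rate": 0.3, "exposure": 0.40},
    "saas_vendor":  {"value": 1_500_000, "rate": 1.2, "exposure": 0.10},
}
# Dependency modifier (assumed): a loss at the source adds this fraction
# of itself to the dependent target, one hop only.
DEPENDENCIES = {
    ("saas_vendor", "payments_api"): 0.5,
    ("payments_api", "customer_db"): 0.2,
}

def poisson(rate, rng):
    """Knuth's method: number of threat events in one year at the given rate."""
    limit, k, p = math.exp(-rate), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1

def propagate(direct):
    """Add dependency-driven secondary losses to a dict of direct losses."""
    total = dict(direct)
    for (src, dst), frac in DEPENDENCIES.items():
        total[dst] += frac * direct[src]
    return total

def simulate_year(rng):
    """One simulated year: direct loss per asset, capped at asset value, then propagated."""
    direct = {a: min(poisson(v["rate"], rng) * v["exposure"], 1.0) * v["value"]
              for a, v in ASSETS.items()}
    return sum(propagate(direct).values())

def expected_annual_loss():
    """Closed-form ALE ignoring the cap; used to sanity-check the simulation."""
    direct = {a: v["rate"] * v["exposure"] * v["value"] for a, v in ASSETS.items()}
    return sum(propagate(direct).values())

def annual_loss_distribution(years=20_000, seed=7):
    """Mean (ALE) and tail quantiles of the simulated annualized loss distribution."""
    rng = random.Random(seed)
    losses = sorted(simulate_year(rng) for _ in range(years))
    q = quantiles(losses, n=100)           # q[94] = 95th pct, q[98] = 99th pct
    return {"ale": mean(losses), "var95": q[94], "tail99": q[98]}
```

The gap between `ale` and `tail99` is the information a heat map cannot convey: two portfolios with the same expected loss can have very different capital needs.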



How to Cite
Ratnawat, C. (2020). A Novel Approach to Cyber Risk Quantification for Enterprise Decision. SAMRIDDHI : A Journal of Physical Sciences, Engineering and Technology, 12(01), 62-66. https://doi.org/10.18090/samriddhi.v12i01.12
