Reframing Cyber Risk Quantification: From Qualitative Scoring to Measurable Financial Exposure
Abstract
Organizations still evaluate cyber risk with qualitative maturity ratings, ordinal scoring matrices and compliance checklists that carry no financial information and little decision-making value. These mechanisms give directional guidance but do not let an organization quantify its financial exposure or integrate cyber risk into enterprise risk management. This research presents a framework for measuring cyber risk as calculated financial exposure. The framework integrates asset valuation, probabilistic threat modeling, structural dependency adjustment, exposure normalization and distribution-based loss estimation into a governance tool that is sensitive to financial consequences. Organizations must move beyond ordinal risk scoring and adopt exposure-distribution metrics, because these allow cyber decisions to be aligned with capital allocation, insurance calibration and risk-appetite testing. An anonymized enterprise case study shows greater transparency, better prioritization outcomes and closer governance fit than conventional risk heat-map methods. The research proposes a methodical process that companies can apply to move their cyber risk assessments from qualitative techniques to accurate financial assessment.
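As an added illustration (not the paper's own model or code, which the abstract does not reproduce), the following Python sketch carries out the five elements the abstract names on constructed inputs: asset valuation, probabilistic threat modeling (Poisson event frequency, lognormal severity), a structural dependency adjustment that cascades a damped share of loss onto dependent assets, distribution-based loss estimation by Monte Carlo, and normalization of the resulting percentile by total asset value. All asset names, values, dependency links and distribution parameters are assumptions chosen for the example.

```python
import math
import random

# Constructed illustrative inputs (not from the paper): asset values in currency
# units and a dependency map (asset -> assets that depend on it directly).
ASSET_VALUE = {"crm": 2_000_000, "billing": 5_000_000, "portal": 1_500_000}
DEPENDENTS_OF = {"crm": ["billing"], "billing": ["portal"], "portal": []}
# Threat scenarios: annual event rate (Poisson) and lognormal severity as a
# fraction of the affected asset's value (parameters are constructed).
SCENARIOS = [
    {"asset": "crm", "rate": 0.8, "mu": -2.5, "sigma": 1.0},
    {"asset": "billing", "rate": 0.1, "mu": -1.0, "sigma": 0.8},
]

def downstream(asset):
    """All assets that transitively depend on `asset` (the cascade set)."""
    seen, stack = set(), list(DEPENDENTS_OF[asset])
    while stack:
        a = stack.pop()
        if a not in seen:
            seen.add(a)
            stack.extend(DEPENDENTS_OF[a])
    return seen

def poisson(rng, lam):
    """Knuth's Poisson sampler; adequate for the small annual rates used here."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1

def annual_loss(rng, dep_factor):
    """One simulated year: direct loss plus a damped share of dependent assets."""
    total = 0.0
    for s in SCENARIOS:
        for _ in range(poisson(rng, s["rate"])):
            frac = min(1.0, rng.lognormvariate(s["mu"], s["sigma"]))
            cascade = sum(ASSET_VALUE[d] for d in downstream(s["asset"]))
            total += frac * (ASSET_VALUE[s["asset"]] + dep_factor * cascade)
    return total

def exposure_summary(trials=20_000, seed=7, dep_factor=0.3):
    """Expected loss, 95th-percentile loss, and p95 normalized by total asset value."""
    rng = random.Random(seed)
    losses = sorted(annual_loss(rng, dep_factor) for _ in range(trials))
    p95 = losses[int(0.95 * (trials - 1))]
    return {"expected_loss": sum(losses) / trials, "p95": p95,
            "p95_normalized": p95 / sum(ASSET_VALUE.values())}
```

Running `exposure_summary()` with and without `dep_factor` shows how much of the tail exposure comes from structural dependency rather than from the directly attacked asset, which an ordinal likelihood-times-impact cell cannot express.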