QBER: Quantifying Cyber Risks for Strategic Decisions
Muriel Figueredo Franco, Aiatur Rahaman Mullick, Santosh Jha

TL;DR
The paper introduces QBER, a comprehensive approach for quantifying cyber risks by evaluating attack probabilities, impacts, and costs to aid organizations in strategic cybersecurity decision-making.
Contribution
It presents a novel model that integrates economic and technical factors to measure cyber risks and guides risk mitigation strategies.
Findings
Provides measurable risk metrics for decision-makers
Analyzes cyberattack probabilities and impacts
Suggests strategies for risk mitigation
Abstract
Quantifying cyber risks is essential for organizations to grasp their vulnerability to threats and make informed decisions. However, current approaches still need to work on blending economic viewpoints to provide insightful analysis. To bridge this gap, we introduce the QBER approach to offer decision-makers measurable risk metrics. The QBER evaluates losses from cyberattacks, performs detailed risk analyses based on existing cybersecurity measures, and provides thorough cost assessments. Our contributions involve outlining cyberattack probabilities and risks, identifying Technical, Economic, and Legal (TEL) impacts, creating a model to gauge impacts, suggesting risk mitigation strategies, and examining trends and challenges in implementing widespread Cyber Risk Quantification (CRQ). The QBER approach serves as a guided approach for organizations to assess risks and strategically invest in…
Taxonomy
Topics: Big Data and Business Intelligence · Information and Cyber Security
