Multicriteria Decision Framework for Cybersecurity Risk Assessment and Management
We present a decision‐analysis‐based approach that quantifies threat, vulnerability, and consequences through a set of criteria designed to assess the overall utility of cybersecurity management alternatives. The proposed framework bridges the gap between risk assessment and risk management, allowing an analyst to ensure a structured and transparent process of selecting risk management alternatives. The use of this technique is illustrated for a hypothetical, but realistic, case study exemplifying the process of evaluating and ranking five cybersecurity enhancement strategies. The approach presented does not necessarily eliminate biases and subjectivity necessary for selecting countermeasures, but provides justifiable methods for selecting risk management actions consistent with stakeholder and decisionmaker values and technical data.
Source: Risk Analysis
Category: International Medicine & Public Health
Authors: Alexander A. Ganin, Phuoc Quach, Mahesh Panwar, Zachary A. Collier, Jeffrey M. Keisler, Dayton Marchese, Igor Linkov
Tags: Perspective
Source Type: research