Methodology of Quantitative Assessment of Network Cyber Threats Using a Risk-Based Approach
Methodology of Quantitative Assessment of Network Cyber Threats Using a Risk-Based Approach
Author(s): Artem ZhylinSubject(s): Social Sciences, Sociology, Methodology and research technology, Social Informatics, ICT Information and Communications Technologies
Published by: NASK – Państwowy Instytut Wydawniczy
Keywords: cyber risk; network cyber threats; quantitative assessment; risk-oriented approach; network cybersecurity domain; cyber threat landscape
Summary/Abstract: The methodology of a quantitative assessment of organ- isation’s network cyber threats was developed in order to quanti- tatively assess and compare the cybersecurity threat landscape in conditions of limited data while applying the risk-oriented approach. It can be used either for assessing the level of network cyber threats of a particular organisation (as a quantitative measure of the criti- cality of cyber threats that are detected within the organisation’s network) or for comparing the level of network cyber threats of several organisations during the same or different time periods, giving grounds for supporting the process of making manage- rial decisions regarding the organisation’s cybersecurity strategy. The proposed scheme of the algorithm can be used to automate the calculation process. The assessment of network cyber threats that are considered in the article is not a full-fledged measure of the cyber risk because the methodology was developed consider- ing the common circumstances of the deficiency of the risk context data. Nevertheless, the results of the methodology implementation partially reflect the overall level of the organisation’s cyber risk and are expected to be used in the case when the full-featured proper cyber threats assessment can’t be organised for some reason.
Journal: Applied Cybersecurity & Internet Governance
- Issue Year: 3/2024
- Issue No: 1
- Page Range: 227-260
- Page Count: 34
- Language: English
