Framework for Quantifying Cyber Security Risks
article
In recent years, an increasing amount of information has become available that can benefit the security risk process. Traditionally, security risk management is an asset-based, qualitative process that relies on expert opinion and the information at hand: periodically, a group of experts assesses the applicable risks, determines the correct risk levels, and decides whether new risks should be added to the list. In this paper we propose a threat-based, traceable, quantitative risk management approach that uses current information to quantify risks. This leads to a near real-time risk process in which available information is processed and the risks are updated automatically. The approach was tested in practice at the main banks in the Netherlands.
TNO Identifier
884818
Source
Cyber Security, 4(3)