Title
Framework for Quantifying Cyber Security Risks
Author
Wolthuis, R.
Phillipson, F.
Jongsma, H.J.
Langenkamp, P.N.
Publication year
2021
Abstract
In recent years we see that an increasing amount of information becomes available that can be beneficial to the security risk process. Traditionally, security risk management is an asset-based, qualitative process based on expert opinion and information at hand; periodically a group of experts assesses applicable risks and determines correct risk levels, and whether new risks should be added to the list. We propose in this paper a threat-based, traceable quantitative risk management approach, that uses current information to quantify risks. This leads to a near real-time risk process, where available information is processed and the risks are automatically updated. The approach was tested in practice at the main banks in the Netherlands
Subject
Quantified cyber security
Bayesian Belief Network
Real Time Monitoring
Model Based
To reference this document use:
http://resolver.tudelft.nl/uuid:60180e23-93ec-40aa-bc5a-176ad57b10c7
TNO identifier
884818
Source
Cyber Security, 4 (4)
Document type
article