Open Conference Systems, 50th Scientific meeting of the Italian Statistical Society

Font Size: 
How to measure cybersecurity risk
Silvia Angela Osmetti

Last modified: 2018-05-17

Abstract


In the last years there have been a scholars increasing interest in cybersecurityrisk measurement. This paper proposes a methodology to measure cyber risk,using ordinal data, to prioritise appropriate interventions. The method relies on theconstruction of a Criticality index: a new measure of risk based on the cumulativeprobabilities of the ordinal variable that represents the level of severity for differentrisk event. Its properties are derived and compared with alternative measuresemployed in operational risk measurement. we apply our proposal to real data ofa telecommunication service company. The proposed measure is found to be quiteeffective to rank cyber risk types and, therefore, allow selective preventive actions.

References


1. Afful-Dadzie, A., and Allen, T.T.: Data-Driven Cyber-Vulnerability Maintenance Policies.Journal of Quality Technology, 46, 234-250 (2017).

2. Cebula, J.J., and Young, L.R. (2010). A Taxonomy of Operational Cyber Security Risks, TechnicalNote CMU/SEI-2010-TN-028, Software Engineering Institute, Carnegie Mellon University,1-34.

3. Edgar, T.W., and Manz, D.O. (2017). Research Methods for Cyber Security, Elsevier.

4. Facchinetti, S., and Osmetti, S.A.: A risk index for ordinal variables and its statistical properties:a priority of intervention indicator in quality control framework. Quality and ReliabilityEngeneering International, 34, 265275 (2018).

5. Figini, S., and Giudici, P.: Measuring risk with ordinal variables. Journal of Operational Risk,8, 35-43 (2013).

6. Hubbard, D.W., and Seiersen, R.: How to Measure Anything in Cybersecurity Risk. Wiley,New York (2016).


Full Text: PDF