Cyber risk quantification involves the application of risk quantification techniques to an organization's cybersecurity risk. Cyber risk quantification is the process of evaluating the cyber risks that have been identified and then validating, measuring and analyzing the available cyber data using mathematical modeling techniques to accurately represent the organization's cybersecurity environment in a manner that can be used to make informed cybersecurity infrastructure investment and risk transfer decisions. Cyber risk quantification is a supporting activity to cybersecurity risk management; cybersecurity risk management is a component of enterprise risk management and is especially important in organizations and enterprises that are highly dependent upon their information technology (IT) networks and systems for their business operations.

One method of quantifying cyber risk is the value-at-risk (VaR) method that was discussed at the January 2015 World Economic Forum meeting. At this meeting, VaR was studied and researched and deemed to be a viable method of quantifying cyber risk.

Practical Implementations

Cyber risk quantification has been used in a variety of practical applications, including:

Cyber insurance
Cyber Security Return on Investment
Software Mitigation Costs
Cybersecurity risk assessments

Mathematical definition

The mathematical definition of Cyber-Risk is as follows:

Cyber-Risk = 1 - Cyber-Confidence

'Cyber-Confidence' is / are the actual executed tests which have passed. This value can be converted to a statistical probability & the associated Cyber-Risk calculated:

Example-1: 'A certain number' of tests have been executed & passed. Let's imagine that it yields a Defect-Free Confidence of 97.43%.

Answer: Cyber-Risk = 2.57%.

Example-2: All 65,536 TCP ports & 65,536 UDP ports are confirmed to be dead or inactive on an asset; how resistant to penetration is it?

Answer: Cyber-Confidence = 99.83%, Cyber-Risk = 0.17%

Typically, this form of Cyber-Confidence &/or Cyber-Risk estimation is termed Testimation because:

It can be applied to estimate the number of tests required for any desired level of Cyber-Confidence
It can be applied to estimate the Cyber-Confidence (& Cyber-Risk) based upon the number of tests which have actually been executed & passed

See also

Center for Internet Security
Factor analysis of information risk
Gordon–Loeb model
ISO/IEC 27001
ISO/IEC 27002
NIST Cybersecurity Framework

External links

World Economic Forum: Partnering for Cyber Resilience - Towards the Quantification of Cyber Threats
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.