
 

Entry: Cyber risk quantification
Definition

  1. Tools

  2. See also

  3. References

  4. External links


Cyber risk quantification is the application of risk quantification techniques to an organization's cybersecurity risk. It is the process of evaluating the cyber risks that have been identified, then validating, measuring and analyzing the available cyber data using mathematical modeling techniques, to accurately represent the organization's cybersecurity environment in a form that can be used to make informed decisions on cybersecurity infrastructure investment and risk transfer. Cyber risk quantification is a supporting activity to cybersecurity risk management, which is in turn a component of enterprise risk management and is especially important in organizations and enterprises that are highly dependent upon their information technology (IT) networks and systems for their business operations.

One method of quantifying cyber risk is the value-at-risk (VaR) method, which was discussed at the January 2015 World Economic Forum meeting (see External links below). At this meeting, VaR was studied and researched and deemed to be a viable method of quantifying cyber risk.
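The value-at-risk approach mentioned above, sketched as an added example that is not part of the original article: a Monte Carlo estimate of annual cyber VaR, compared before and after a hypothetical control. The loss model (Poisson incident counts, lognormal cost per incident), the function names and every parameter value are assumptions chosen for illustration; the article does not specify a model.

```python
import math
import random

def simulate_annual_losses(rate, median_loss, sigma, trials=20000, seed=1):
    """Total loss per simulated year: Poisson(rate) incidents, lognormal cost each.
    The model and every parameter value are assumptions for illustration."""
    rng = random.Random(seed)          # fixed seed so runs are reproducible
    mu = math.log(median_loss)         # lognormal median is exp(mu)
    losses = []
    for _ in range(trials):
        total = 0.0
        if rate > 0:
            # Exponential gaps between incidents give a Poisson count per year.
            t = rng.expovariate(rate)
            while t < 1.0:
                total += rng.lognormvariate(mu, sigma)
                t += rng.expovariate(rate)
        losses.append(total)
    return losses

def value_at_risk(losses, confidence):
    """Empirical quantile: smallest simulated loss L with P(loss <= L) >= confidence."""
    ordered = sorted(losses)
    index = max(0, math.ceil(confidence * len(ordered)) - 1)
    return ordered[index]

def cyber_var(rate, median_loss, sigma, confidence=0.95, **sim_args):
    """Annual cyber VaR at the given confidence level under the assumed model."""
    losses = simulate_annual_losses(rate, median_loss, sigma, **sim_args)
    return value_at_risk(losses, confidence)

if __name__ == "__main__":
    # Constructed scenario: 0.8 incidents/year expected, median cost 250,000.
    for label, rate in (("baseline", 0.8), ("with hypothetical control", 0.4)):
        losses = simulate_annual_losses(rate, 250_000, 1.2)
        print(f"{label:26s} VaR95={value_at_risk(losses, 0.95):>12,.0f} "
              f"VaR99={value_at_risk(losses, 0.99):>12,.0f}")
```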

A related metric that has been identified and cited is "Cyber Risk Reduction Return on Investment" (CR3OI), which uses Cyber VaR and expresses the return on investment of a single cyber investment or a series of them. See Cyber Risk Reduction Return on Investment.

Tools


Cyber risk quantification can be an automated or software-supported process in which the user creates a model of the system architecture and the software applies its built-in mathematical modeling techniques to quantify the cybersecurity risks.

  • foreseeti offers a commercial Cyber Risk Quantification tool, securiCAD. This tool focuses on cyber risk quantification of IT infrastructures using a CAD-based approach in which assets are automatically or manually placed on a drawing pane. By encapsulating complex attack trees within generalizable assets (like hosts, dataflows, firewalls, and IDS), securiCAD makes Cyber Risk Quantification accessible to non-experts as well. By attaching an Attacker to different attack steps on available Assets, different scenarios can be simulated and analyzed. It is intended for company cybersecurity management, from CISO to security engineer to IT technician.[1] The further development of securiCAD is currently part of the EU-funded project CyberWiz.[2] An article (in German) about CyberWiz, containing some insights into the functionality of securiCAD, has been published in the expert portal "Informatik aktuell".[3]

See also

  • Center for Internet Security
  • ISO/IEC 27001
  • ISO/IEC 27002
  • NIST Cybersecurity Framework

References

1. "Cyber Risk Simulations". Foreseeti. https://www.foreseeti.com/. Accessed 2019-03-12.
2. The CyberWiz Project Website.
3. "CyberWiz – ein EU-Projekt zum Schutz kritischer Infrastrukturen" (in German). Informatik Aktuell. https://www.informatik-aktuell.de/betrieb/sicherheit/cyberwiz-ein-eu-projekt-zum-schutz-kritischer-infrastrukturen.html. Accessed 2019-03-12.

External links

  • World Economic Forum: Partnering for Cyber Resilience - Towards the Quantification of Cyber Threats
  • https://www.afponline.org/trends-topics/topics/articles/Details/cybersecurity-quantifying-value-at-risk

Categories: Risk management, Computer security, Risk analysis
