Cybersecurity Acquisition Framework Based on Risk Management: Economics Perspective
Loading...
Authors
Pinto, C. Ariel
Keskin, Omer Faruk
Kucukkaya, Goksel
Poyraz, Omer Ilker
Alfaqiri, Abdulrahman
Tatar, Unal
Kucukozyigit, Ali Can
Advisors
Second Readers
Subjects
Date of Issue
2021-08
Date
08/25/21
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
Cyber attacks continuously target organizations, however, the mitigation actions taken for defense are not sufficiently effective. Ability to compute the cost of attacks is crucial to assess the effectiveness of countermeasure investments. In this study, we developed a framework to have a well-informed decision-making process in cybersecurity acquisition by evaluating the business impact caused by the operability losses of assets. We tested the developed framework using various attack and mitigation scenarios. The findings suggest that using a simulation approach to calculate the business impact of cyber attacks provides the ability to support decision-making process.
Type
Technical Report
Description
Acquisition Research Program Sponsored Report Series
Sponsored Acquisition Research & Technical Reports
Sponsored Acquisition Research & Technical Reports
Series/Report No
Department
Organization
Naval Postgraduate School (U.S.)
Identifiers
NPS Report Number
ODU-CE-21-018
Sponsors
Funding
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Approved for public release; distribution is unlimited.
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.