Evaluating the risk of cyber-attacks is essential for companies. There is a growing need to develop and implement effective strategies for cyber security, data security, and privacy protection. With the rise in cyber threats, assessing the risk of a successful attack is increasingly important for companies and their customers. While quantitative loss data are seldom available, experts can provide qualitative evaluations of attack severity on an ordinal scale. Hence, the ordered response model, particularly the cumulative link model, is suitable for analyzing cyber risk. This model explains the experts’ assessments of the severity of a cyber-attack based on a set of explanatory variables describing the characteristics of the attack under consideration, including measures of the attack’s impact diffusion through a network structure. Additionally, a detailed analysis of a real dataset is offered, documenting major cyber-attacks worldwide from 2017-2018.
Facchinetti, S., Osmetti, S. A., Tarantola, C., Ordered response models for cyber risk assessment, in Ana Colubi, E. K. M. P. (ed.), PROGRAMME AND ABSTRACTS,CFE-CMStatistics 2024, 18th International Conference onComputational and Financial Econometrics (CFE 2024)and Computational and Methodological Statistics (CMStatistics 2024), ECOSTA ECONOMETRICS AND STATISTICS, London 2024: 144- 144 [https://hdl.handle.net/10807/312221]
Ordered response models for cyber risk assessment
Facchinetti, Silvia;Osmetti, Silvia Angela;
2024
Abstract
Evaluating the risk of cyber-attacks is essential for companies. There is a growing need to develop and implement effective strategies for cyber security, data security, and privacy protection. With the rise in cyber threats, assessing the risk of a successful attack is increasingly important for companies and their customers. While quantitative loss data are seldom available, experts can provide qualitative evaluations of attack severity on an ordinal scale. Hence, the ordered response model, particularly the cumulative link model, is suitable for analyzing cyber risk. This model explains the experts’ assessments of the severity of a cyber-attack based on a set of explanatory variables describing the characteristics of the attack under consideration, including measures of the attack’s impact diffusion through a network structure. Additionally, a detailed analysis of a real dataset is offered, documenting major cyber-attacks worldwide from 2017-2018.
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
