
Safety in Numbers: Toward a New Methodology for Quantifying Cyber Risk

Abstract

For financial institutions, safeguarding against cyber attack is now about more than just protection – increasingly it means managing cyber risk effectively across the organization. In modern, diffuse networks, such as those in most large banks, allocating risk across multiple network nodes (defined here as IT infrastructure, assets, and points of access) is vital to developing comprehensive strategies for managing cyber risk. Central to this is quantifying the risk. We believe that current scoring and statistically oriented models for cyber risk quantification are based on flawed assumptions, and fail to answer several key questions. We propose a methodology for quantifying cyber risk that incorporates the physical network in the organization, and the behavior and characteristics of individuals and processes in that network – including the actions they take to mitigate cyber risks. In addition, as allocating and attributing risk are central to modifying the behavior of institutions and individuals, enabling organizations to easily attribute and allocate risk to specific nodes and edges of the network is central to our method. This paper provides a high-level summary of the approach, and highlights how it differs from, and improves on, existing models of cyber risk quantification.

Suggested Citation

  • Dash, Sidhartha & Mestchian, Peyman, 2016. "Safety in Numbers: Toward a New Methodology for Quantifying Cyber Risk," Journal of Financial Transformation, Capco Institute, vol. 44, pages 39-44.
  • Handle: RePEc:ris:jofitr:1579

    More about this item

    Keywords

    Cyber; risk; quantifying; Bayesian; new; methodology; finance; institutions;

    JEL classification:

    • C11 - Mathematical and Quantitative Methods - - Econometric and Statistical Methods and Methodology: General - - - Bayesian Analysis: General
    • D22 - Microeconomics - - Production and Organizations - - - Firm Behavior: Empirical Analysis
    • L20 - Industrial Organization - - Firm Objectives, Organization, and Behavior - - - General
    • O00 - Economic Development, Innovation, Technological Change, and Growth - - General - - - General

    Corrections

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Prof. Shahin Shojai (email available below). General contact details of provider: http://www.capco.com/ .
