Data Loss Risk: A Multivariate Statistical Methodology Proposal

Heber José De Moura,Charles Ulises De Montreil Carmona

doi:10.14738/abr.58.3598

Heber José De Moura, Charles Ulises De Montreil Carmona

Open Access

https://doi.org/10.14738/abr.58.3598

Copy DOI

Abstract

Given that an adequate prioritization of data losses (DL) events is crucial for risk management in institutions of any nature, the present paper proposes a methodology aimed at hierarchizing the events associated with this type of risk. This proposal incorporates three specifications : parametric independence, objectivity and applicability. To illustrate , a framework was applied to records of DatalossDB, a US risk database. An hierarchy model based on Conjoint Analysis (CA) was developed by associating DL with industry sector, incident source and incident type variables. The flexibility of CA derives from its ability to use metric or non-metric variables, as well as from the lack of rigid rules regarding the relation between the combination of attributes and the preferences. The procedure determined the importance of the attributes involved and allowed the prioritization of risk events, which will certainly be useful in guiding the actions towards minimizing the problem.

Highlights

The modeling and assessment of operational risk (OR) has been given significant scholarly attention
Given that an adequate prioritization of OR events is crucial for risk management in institutions of any nature, the present paper proposes a methodology aimed at hierarchizing the events associated with this type of risk in order to objectively guide those who are Archives of Business Research (ABR)
The feasibility of the proposal was confirmed by the use of the DatalossDB database, which allowed the grouping of records on data breaches by different industry sectors, types of information breached, financial losses and other variables taken into account

Summary

Introduction

The modeling and assessment of operational risk (OR) has been given significant scholarly attention. Such an issue becomes even more relevant when we consider that the financial resources directed towards the mitigation of OR are generally limited and large. This aspect makes it even more complex to address this type of risk, which, according to Jobst (2007), cannot be considered a “mere segment of other risks”, but one that tends to have its “own life”. Reducing corporate risks generally requires the execution of a series of wide-reaching activities aimed at changing processes which are subject to uncertainty. These activities involve internal and external aspects of companies.

Methods

Results

Conclusion