Abstract
In this paper, the authors present a quantitative model for estimating security risk exposure for a firm. The model includes a formulation for the optimization of controls as well as determining sensitivity of the exposure of assets to different threats. The model uses a series of matrices to organize the data as groups of assets, vulnerabilities, threats, and controls. The matrices are then linked such that data is aggregated in each matrix and cascaded across the other matrices. The computations are reversible and transparent allowing analysts to answer what-if questions on the data. The exposure formulation is based on the Annualized Loss Expectancy (ALE) model, and uncertainties in the data are captured via Monte Carlo simulation. A mock case study based on a government agency is used to illustrate this methodology.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
