Abstract
Abstract Identifying and understanding security risks for information system design or evaluation is very challenging. Making decisions about accepting or mitigating these risks through a rational, traceable, and understandable process is even harder. Quantitative risk analysis techniques can help stakeholders understand and communicate risk‐informed design decisions even when the stakeholders have conflicting objectives. Quantitative risk analysis also helps stakeholders understand security, cost, and functionality trade‐off decisions in repeatable process. This paper discusses the roles of stakeholders in risk analysis, the advantages and disadvantages of quantitative risk analysis, basic cyber risk decision support concepts and processes, and the mathematical definitions of risk for information systems. This paper recommends the use of properly constructed quantitative risk analysis models and discourages the use of semiquantitative risk analysis models.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
