Abstract
Security risk assessment provides valuable insights about potential security risks to an organization to protect their critical information assets. With an ability to comprehend security risks, organizations can make effective decision to allocate their budget to mitigate or treat those risks (often based on the severity of the risk). Thus, it is paramount to identify and assess risk scenarios properly to manage those risks. Subjective judgment due to the lack of statistical data and the adaptive nature of the adversary may affect the credibility of the assessments when using classical risk assessment methods. Even though game theoretical approach formulates robust mathematical models for risk assessment without the reliance on subjective probabilities, it is seldom used in organizations. Thus, this chapter expands on the existing mapping between game theory and risk assessment process and terminology to provide further insight into how game theory can be utilized for risk assessment. In addition, we provide our view on how cooperative game theoretical model may be used to capture opportunity risk, which is usually overlooked in many classical risk assessment methods.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
