RESEARCH PRODUCT

A Novel Model for Cybersecurity Economics and Analysis

Timo Hämäläinen, Paresh Rathod

subject

ta113; Value (ethics); Computer science; media_common.quotation_subject; ComputingMilieux_LEGALASPECTSOFCOMPUTING; 020207 software engineering; 02 engineering and technology; Business activities; Computer security; computer.software_genre; cybersecurity economics; cyber fraud; advanced cyber threats; economic impacts; cost-benefit model; 020204 information systems; Cyber-security regulation; 0202 electrical engineering electronic engineering information engineering; Research development; cybersecurity; computer; cybersecurity impact; Reputation; media_common

description

In recent times, major cybersecurity breaches and cyber fraud have had a huge negative impact on victim organisations. The biggest impact has been on major areas of business activity. The majority of organisations facing cybersecurity adversity and advanced threats suffer huge financial and reputational losses. Current security technologies, policies and processes provide the necessary capabilities and cybersecurity mechanisms to address cyber threats and risks. However, current solutions do not provide the mechanisms required for decision-making on the impact of cybersecurity breaches and fraud. In this paper, we report initial findings and propose a conceptual solution. The paper aims to provide a novel model for Cybersecurity Economics and Analysis (CEA). We propose an innovative model for an optimal cybersecurity cost-benefit framework to help decision-making based on a combination of qualitative and quantitative analysis of cybersecurity risks and their impact on organisational tangible and intangible assets. Cybersecurity Economics and Analysis takes a holistic approach to cybersecurity, proposing a model based on a deep and comprehensive analysis of organisations’ security, considering not only technological perspectives but also institutional, economic, governance and human dimensions, and taking forward existing ‘best’ and effective practices from national audit frameworks, sectoral guidelines and organisational policies. This new solution will account for the wants and needs of various stakeholder groups and existing sectoral requirements. We will contribute to increasing the harmonisation of European cybersecurity initiatives and reducing fragmented practices in cybersecurity solutions, while also helping to reach the EU Digital Single Market goal.
By introducing Cybersecurity Readiness Level Metrics, the project will measure and increase the effectiveness of cybersecurity programs, while the cost-benefit framework will help to increase the economic and financial viability, effectiveness and value generation of cybersecurity solutions for an organisation’s strategic, tactical and operational imperatives. The ambition of the research, development and innovation (RDI) is to increase and re-establish the trust of European citizens in European digital environments through practical solutions.

peerReviewed

https://doi.org/10.1109/cit.2017.65