AbstractWhen investing in cyber security resources, information security managers have to follow effective decision-making strategies. We refer to this as the cyber security investment challenge.In this paper, we consider three possible decision support methodologies for security managers to tackle this challenge. We consider methods based on game theory, combinatorial optimisation, and a hybrid of the two. Our modelling starts by building a framework where we can investigate the effectiveness of a cyber security control regarding the protection of different assets seen as targets in presence of commodity threats. As game theory captures the interaction between the endogenous organisation's and attackers' decisions, we consider a 2-person c...
Losses due to cyber security incidents could be very significant for organisations. This fact forces...
Investments on cybersecurity are essential for organizations to protect operational activities, deve...
In the information age, the scale and scope of cyber attacks on information systems is on the rise. ...
When investing in cyber security resources, information security managers have to follow effective d...
Creative Commons License: Attribution 4When investing in cyber security resources, information secur...
AbstractWhen investing in cyber security resources, information security managers have to follow eff...
In this paper we investigate how to optimally invest in cybersecurity controls. We are particularly ...
Cyber hygiene measures are often recommended for strengthening an organization’s security posture, e...
This work addresses the challenge “how do we make better security decisions?” and it develops techni...
Assessing and controlling cyber risk is the cornerstone of information security management, but also...
Cyber hygiene measures are often recommended for strengthening an organization’s security posture, e...
Nowadays, cyber threats are considered among the most dangerous risks by top management of enterpris...
The protection of assets, including IT resources, intellectual property and business processes, agai...
We study the decision-making problem in cybersecurity risk planning concerning resource allocation s...
In this work we attempt to develop models that can suggest requisite levels of investment, and/or in...
Losses due to cyber security incidents could be very significant for organisations. This fact forces...
Investments on cybersecurity are essential for organizations to protect operational activities, deve...
In the information age, the scale and scope of cyber attacks on information systems is on the rise. ...
When investing in cyber security resources, information security managers have to follow effective d...
Creative Commons License: Attribution 4When investing in cyber security resources, information secur...
AbstractWhen investing in cyber security resources, information security managers have to follow eff...
In this paper we investigate how to optimally invest in cybersecurity controls. We are particularly ...
Cyber hygiene measures are often recommended for strengthening an organization’s security posture, e...
This work addresses the challenge “how do we make better security decisions?” and it develops techni...
Assessing and controlling cyber risk is the cornerstone of information security management, but also...
Cyber hygiene measures are often recommended for strengthening an organization’s security posture, e...
Nowadays, cyber threats are considered among the most dangerous risks by top management of enterpris...
The protection of assets, including IT resources, intellectual property and business processes, agai...
We study the decision-making problem in cybersecurity risk planning concerning resource allocation s...
In this work we attempt to develop models that can suggest requisite levels of investment, and/or in...
Losses due to cyber security incidents could be very significant for organisations. This fact forces...
Investments on cybersecurity are essential for organizations to protect operational activities, deve...
In the information age, the scale and scope of cyber attacks on information systems is on the rise. ...