Date of Award

Summer 2021

Document Type

Thesis

Degree Name

Doctor of Philosophy (PhD)

Department

Engineering Management & Systems Engineering

Program/Concentration

Engineering Management and Systems Engineering

Committee Director

C. Ariel Pinto

Committee Member

Adrian V. Gheorghe

Committee Member

James H. Warren, Jr.

Committee Member

Unal Tatar

Abstract

Because cyber risk is a relatively new risk source, models to quantify it are not well developed; therefore, cyber risk management in most businesses depends on qualitative assessments. With the increase in the economic consequences of cyber incidents, the importance of quantifying cyber risks has increased. Cyber risk quantification is also needed to establish communication among decision-makers at different levels of an enterprise, from technical personnel to top management.

The goal of this research is to build a probabilistic cybersecurity risk analysis model that relates attack propagation with impact propagation through internal dependencies and allows temporal analysis.

The contributions of this research are (1) an attack propagation model that adapts vulnerability scoring that is customizable for an organization, and that considers the temporal aspect; (2) an impact propagation assessment model that is probabilistic and that allows for the temporal aspect; and (3) the integration of attack propagation and business impact propagation assessment to calculate the economic impacts of cyber risks.

DOI

10.25777/vxyr-p014

ISBN

9798460435784
