Date of Award
Summer 2021
Document Type
Thesis
Degree Name
Doctor of Philosophy (PhD)
Department
Engineering Management & Systems Engineering
Program/Concentration
Engineering Management and Systems Engineering
Committee Director
C. Ariel Pinto
Committee Member
Adrian V. Gheorghe
Committee Member
James H. Warren, Jr.
Committee Member
Unal Tatar
Abstract
Being a relatively new risk source, models to quantify cyber risks are not well developed; therefore, cyber risk management in most businesses depends on qualitative assessments. With the increase in the economic consequences of cyber incidents, the importance of quantifying cyber risks has increased. Cyber risk quantification is also needed to establish communication among decision-makers of different levels of an enterprise, from technical personnel to top management.
The goal of this research is to build a probabilistic cybersecurity risk analysis model that relates attack propagation with impact propagation through internal dependencies and allows temporal analysis.
The contributions of the developed research are (1) attack propagation model that adapts vulnerability scoring that is customizable for organization, and that considers temporal aspect, (2) impact propagation assessment model that is probabilistic and that allows temporal aspect (3) integrating attack propagation and business impact propagation assessment to calculate economic impacts of cyber risks.
DOI
10.25777/vxyr-p014
ISBN
9798460435784
Recommended Citation
Keskin, Omer F..
"Quantifying Cyber Risk by Integrating Attack Graph and Impact Graph"
(2021). Doctor of Philosophy (PhD), Thesis, Engineering Management & Systems Engineering, Old Dominion University, DOI: 10.25777/vxyr-p014
https://digitalcommons.odu.edu/emse_etds/185