Date of Award

Summer 2021

Document Type


Degree Name

Doctor of Philosophy (PhD)


Engineering Management & Systems Engineering


Engineering Management and Systems Engineering

Committee Director

C. Ariel Pinto

Committee Member

Adrian V. Gheorghe

Committee Member

James H. Warren, Jr.

Committee Member

Unal Tatar


Being a relatively new risk source, models to quantify cyber risks are not well developed; therefore, cyber risk management in most businesses depends on qualitative assessments. With the increase in the economic consequences of cyber incidents, the importance of quantifying cyber risks has increased. Cyber risk quantification is also needed to establish communication among decision-makers of different levels of an enterprise, from technical personnel to top management.

The goal of this research is to build a probabilistic cybersecurity risk analysis model that relates attack propagation with impact propagation through internal dependencies and allows temporal analysis.

The contributions of the developed research are (1) attack propagation model that adapts vulnerability scoring that is customizable for organization, and that considers temporal aspect, (2) impact propagation assessment model that is probabilistic and that allows temporal aspect (3) integrating attack propagation and business impact propagation assessment to calculate economic impacts of cyber risks.





Available for download on Thursday, September 28, 2023