Date of Award
Doctor of Philosophy (PhD)
Engineering Management & Systems Engineering
Engineering Management and Systems Engineering
C. Ariel Pinto
Adrian V. Gheorghe
James H. Warren, Jr.
Being a relatively new risk source, models to quantify cyber risks are not well developed; therefore, cyber risk management in most businesses depends on qualitative assessments. With the increase in the economic consequences of cyber incidents, the importance of quantifying cyber risks has increased. Cyber risk quantification is also needed to establish communication among decision-makers of different levels of an enterprise, from technical personnel to top management.
The goal of this research is to build a probabilistic cybersecurity risk analysis model that relates attack propagation with impact propagation through internal dependencies and allows temporal analysis.
The contributions of the developed research are (1) attack propagation model that adapts vulnerability scoring that is customizable for organization, and that considers temporal aspect, (2) impact propagation assessment model that is probabilistic and that allows temporal aspect (3) integrating attack propagation and business impact propagation assessment to calculate economic impacts of cyber risks.
Keskin, Omer F..
"Quantifying Cyber Risk by Integrating Attack Graph and Impact Graph"
(2021). Doctor of Philosophy (PhD), Thesis, Engineering Management & Systems Engineering, Old Dominion University, DOI: 10.25777/vxyr-p014
Available for download on Thursday, September 28, 2023