Document Type

Conference Paper

Publication Date


Publication Title

Proceedings of the 13th International Conference on Cyber Warfare and Security: ICCWS 2018: hosted by National Defense University, Washington, D.C. USA, 8-9 March 2018



Conference Name

13th International Conference on Cyber Warfare and Security ICCWS 2018


Managing the risk of cyber systems is still at the top of the agendas of Chief Information Security Officers (CISOs). Investment in cybersecurity is continuously rising. The efficiency and effectiveness of cybersecurity investments are under scrutiny by company boards. The primary method of decision making on cybersecurity adopts a risk-informed approach. Qualitative methods bring a notion of risk. However, particularly for strategic-level decisions, more quantitative methods that can calculate the risk and impact in monetary values are required. In this study, a model is built to calculate the economic value of business interruption during a Distributed Denial-of-Service (DDoS) attack to help decision-makers select the most effective mitigation strategy (i.e., acceptance, avoidance, transferal or control). The model is applied to a simulated DDoS attack targeting a distance learning system of a higher education institution. The simulation results show when it is appropriate to accept the risk, buy cyber insurance as a method of risk transfer, or buy a DDoS prevention system as a method of risk control.


© 2018 The Authors. All rights reserved.

Included in accordance with publisher policy.


0000-0001-8233-9566 (Tatar), 0000-0003-2830-675X (Gheorghe)

Original Publication Citation

Keskin, O., Tatar, U., Poyraz, O., Pinto, A., & Gheorghe, A. (2018) Economics-based risk management of distributed denial of service attacks: A distance learning case study. In J. S. Hurley & J. Q. Chen (Eds.), Proceedings of the 13th International Conference on Cyber Warfare and Security: ICCWS 2018 (pp. 343-352). Academic Conferences Ltd.