Cybersecurity Acquisition Framework Based on Risk Management: Economics Perspective
Document Type
Report
Publication Date
2020
Publication Title
Proceedings of the Seventeenth Annual Acquisition Research Symposium
Pages
13 pp.
Conference Name
Seventeenth Annual Acquisition Research Symposium
Abstract
Investments in the cyber domain are subject to constraints that may be similar to those in other domains, such as cost and effectiveness. However, cyber is a dynamic domain where the effectiveness and efficiency of investments are harder to measure. The interdependency of assets poses an additional challenge to make decisions on investments for the cyber domain. Therefore, organizations need to answer hard questions: whether, how much, and when to invest in cybersecurity. Analyzing the attack surface of a system or an enterprise in cyberspace, prioritizing assets according to their business values, and quantifying cybersecurity risk in monetary values would help to make better decisions while choosing a risk management strategy. The aim of this article is to develop a risk-informed cybersecurity investment decision model by considering the ripple effects in an organization based on the Functional Dependency Network Analysis (FDNA) methodology. Several simulations are conducted to test the effectiveness of the developed model.
Original Publication Citation
Kucukkaya, G., Keskin, O., Kucukozyigit, A., Pinto, C., Tatar, U., & Alfaqiri, A. (2020). Cybersecurity Acquisition Framework Based on Risk Management: Economics Perspective. http://hdl.handle.net/10945/65981
Repository Citation
Kucukkaya, Goksel; Keskin, Omer; Kucukozyigit, Ali Can; Pinto, C. Ariel; Tatar, Unal; and Alfaqiri, Abdulrahman, "Cybersecurity Acquisition Framework Based on Risk Management: Economics Perspective" (2020). Engineering Management & Systems Engineering Faculty Publications. 78.
https://digitalcommons.odu.edu/emse_fac_pubs/78
Comments
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.