English

An Adversarial Risk Analysis Framework for Cybersecurity

Cryptography and Security 2019-03-20 v1

Abstract

Cyber threats affect all kinds of organisations. Risk analysis is an essential methodology for cybersecurity as it allows organisations to deal with the cyber threats potentially affecting them, prioritise the defence of their assets and decide what security controls should be implemented. Many risk analysis methods are present in cybersecurity models, compliance frameworks and international standards. However, most of them employ risk matrices, which suffer shortcomings that may lead to suboptimal resource allocations. We propose a comprehensive framework for cybersecurity risk analysis, covering the presence of both adversarial and non-intentional threats and the use of insurance as part of the security portfolio. A case study illustrating the proposed framework is presented, serving as template for more complex cases.

Keywords

Cite

@article{arxiv.1903.07727,
  title  = {An Adversarial Risk Analysis Framework for Cybersecurity},
  author = {David Rios Insua and Aitor Couce Vieira and Jose Antonio Rubio and Wolter Pieters and Katsiaryna Labunets and Daniel Garcia Rasines},
  journal= {arXiv preprint arXiv:1903.07727},
  year   = {2019}
}
R2 v1 2026-06-23T08:12:10.535Z