Please use this identifier to cite or link to this item:
https://dair.nps.edu/handle/123456789/4207
Title: | Cybersecurity Acquisition Framework Based on Risk Management: Economics Perspective |
Authors: | C. Ariel Pinto Unal Tatar Omer Keskin Ali Can Kucukozyigit Goksel Kucukkaya Omer Ilker Poyraz Abdulrahman Alfaqiri |
Keywords: | Cybersecurity Acquisition Framework Risk Management Economics Perspective |
Issue Date: | 30-Mar-2020 |
Publisher: | Acquisition Research Program |
Citation: | Published--Unlimited Distribution |
Series/Report no.: | Cybersecurity;SYM-AM-20-058 |
Abstract: | Investments in the cyber domain are subject to constraints that may be similar to those in other domains, such as cost and effectiveness. However, cyber is a dynamic domain where the effectiveness and efficiency of investments are harder to measure. The interdependency of assets poses an additional challenge to make decisions on investments for the cyber domain. Therefore, organizations need to answer hard questions: whether, how much, and when to invest in cybersecurity. Analyzing the attack surface of a system or an enterprise in cyberspace, prioritizing assets according to their business values, and quantifying cybersecurity risk in monetary values would help to make better decisions while choosing a risk management strategy. The aim of this article is to develop a risk-informed cybersecurity investment decision model by considering the ripple effects in an organization based on the Functional Dependency Network Analysis (FDNA) methodology. Several simulations are conducted to test the effectiveness of the developed model. |
Description: | Acquisition Management / Defense Acquisition Community Contributor |
URI: | https://dair.nps.edu/handle/123456789/4207 |
Appears in Collections: | Annual Acquisition Research Symposium Proceedings & Presentations |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
SYM-AM-20-058.pdf | 600.85 kB | Adobe PDF | View/Open |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.