Please use this identifier to cite or link to this item:
Title: Cybersecurity Acquisition Framework Based on Risk Management: Economics Perspective
Authors: C. Ariel Pinto
Unal Tatar
Omer Keskin
Ali Can Kucukozyigit
Goksel Kucukkaya
Omer Ilker Poyraz
Abdulrahman Alfaqiri
Keywords: Cybersecurity
Acquisition Framework
Risk Management
Economics Perspective
Issue Date: 30-Mar-2020
Publisher: Acquisition Research Program
Citation: Published--Unlimited Distribution
Series/Report no.: Cybersecurity;SYM-AM-20-058
Abstract: Investments in the cyber domain are subject to constraints that may be similar to those in other domains, such as cost and effectiveness. However, cyber is a dynamic domain where the effectiveness and efficiency of investments are harder to measure. The interdependency of assets poses an additional challenge to make decisions on investments for the cyber domain. Therefore, organizations need to answer hard questions: whether, how much, and when to invest in cybersecurity. Analyzing the attack surface of a system or an enterprise in cyberspace, prioritizing assets according to their business values, and quantifying cybersecurity risk in monetary values would help to make better decisions while choosing a risk management strategy. The aim of this article is to develop a risk-informed cybersecurity investment decision model by considering the ripple effects in an organization based on the Functional Dependency Network Analysis (FDNA) methodology. Several simulations are conducted to test the effectiveness of the developed model.
Description: Acquisition Management / Defense Acquisition Community Contributor
Appears in Collections:Annual Acquisition Research Symposium Proceedings & Presentations

Files in This Item:
File Description SizeFormat 
SYM-AM-20-058.pdf600.85 kBAdobe PDFView/Open

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.