Cyber Risk Management

MOTIVATION:

The challenge of selecting the optimal technical, organisational, legal, and other preventive and repressive measures to reduce cyber risks to acceptable levels can only be understood in the context of the application of Cyber Risk Management. Risk Management is about analysing the relationships between threats, incidents and risks (here in the complex world of cyberspace), based on which an adequate set of countermeasures can be designed.

SYNOPSIS:

Risk (= the potential to losing something of value) can manifest itself in cyberspace in all kinds of ways: values at stake are financial wealth, health, physical condition (of people, materials, goods, infrastructures, etc.), well-being, reputation, privacy, trust, etc.

Based on a conceptualisation of cyberspace and its various sub-domains (discussed in the project week of year 1), we introduce risk assessment approaches, both of qualitative and quantitative manner, illustrated with case studies.

CONTENT:

• Cyberspace

• Risk concepts

• Probabilistic and adversarial risk

• System and attacker models

• Requirements and policies

• Risk assessment methods

• Qualitative and quantitative methods

• Measuring security and effectiveness