Paper Type

Complete

Description

Vulnerable information systems inside an organization make it prone to cyber-attacks, leading to loss of reputation, financial loss, customer churn, and loss of future prospects. In our study, we assess, quantify, and mitigate the cyber-attack risk arising from vulnerable information technology assets using our proposed Vulnerability-based Cyber-Risk Management Model (VCRMM). We leverage Protection Motivation Theory and the cyber kill chain to assess the cyber risk based on specific characteristics of vulnerabilities. We perform text mining using the topic modelling technique Latent Dirichlet Allocation, find a correlation between the topics, and then classify the severity rating of vulnerabilities. The higher the severity rating of any vulnerability, the greater the probability of cyber-attack (p) any organization faces. Next, we quantify the cyber-attack risk in terms of expected losses. Finally, based on Rational Choice Theory and the NIST-guided Vulnerability Management Process, we propose mitigation strategies to reduce, accept, or transfer the cyber-attack risk.

Paper Number

1500

Comments

SIG SEC

Aug 10th, 12:00 AM

Vulnerability-based Cyber-Risk Management: A Text-mining Approach
