Recent security incidents worldwide demonstrate the increase in the complexity and severity of cyber security threats. Attackers are becoming better organized, and attack vectors rely on more advanced methods and tools. Therefore, within the currently evolving and complex 5G cyber security landscape, both businesses and end-users need to find ways to enhance their cyber security preparedness level in order to safeguard their infrastructures and assets. Additionally, modern organizations need to invest in cyber security technologies to proactively address the identified cyber risks, based on the specific individual characteristics of their infrastructures. For this reason, investing in cyber security is nowadays an essential financial and operational decision that aims to reduce the financial risk that successful cyber-attacks entail. In this paper, we demonstrate how capital budgeting techniques for gauging the financial risk of cyber attacks may be integrated with an optimisation model for optimal selection of mitigation measures into a single unified decision-making framework.
Meeting ambitious sustainability targets motivated by climate change concerns requires the structural transformation of many industries and the careful alignment of firm- and Government-level policymaking. While private firms rely on Government support to achieve the necessary green investment intensity in a timely manner, Governments rely on private firms to tackle financial constraints and technology transfer. This interaction is analysed in the real options literature only under risk neutrality, and, consequently, the implications of risk aversion due to the idiosyncratic risk that green technologies entail are overlooked. To analyse how this interaction impacts a firm's investment policy and a Government's subsidy design under uncertainty and risk aversion, we develop a real options framework, whereby: (i) we solve the firm's investment problem assuming an exogenous subsidy; (ii) conditional on the firm's optimal investment policy, we address the Government's optimisation objective and derive the optimal subsidy level; (iii) we insert the optimal subsidy level in (i) to derive the firm's endogenous investment policy. Contrary to existing literature, results indicate that greater risk aversion lowers the amount of installed capacity yet postpones investment. Also, although greater uncertainty raises the optimal subsidy under risk neutrality, the impact of uncertainty is reversed under high levels of risk aversion.
Assessing and controlling cyber risk is the cornerstone of information security management, but also a formidable challenge for organisations due to the uncertainties associated with attacks, the resulting risk exposure, and the availability of scarce resources for investment in mitigation measures. In this paper, we propose a cybersecurity decision-support framework, called CENSOR, for optimal cyber security investment. CENSOR accounts for the serial nature of a cyber attack, the uncertainty in the time required to exploit a vulnerability, and the optimisation of mitigation measures in the presence of a limited budget. First, we evaluate the cost that an organisation incurs due to a cyber security breach that progresses in stages and derive an analytical expression for the distribution of the present value of the cost. Second, we adopt a Set Covering and a Knapsack formulation to derive and compare optimal strategies for investment in mitigation measures. Third, we validate CENSOR via a case study of a small business (SB) based on: (i) the 2020 Common Weakness Enumeration (CWE) top 25 most dangerous software weaknesses; and (ii) the Center for Internet Security (CIS) Controls. Specifically, we demonstrate how the Knapsack formulation provides solutions that are both more affordable and entail lower risk compared to those of the Set Covering formulation. Interestingly, our results confirm that investing more in cybersecurity does not necessarily lead to an analogous cyber risk reduction, which indicates that the latter decelerates beyond a certain point of security investment intensity.