2019
DOI: 10.1111/risa.13269

A Robust Approach for Mitigating Risks in Cyber Supply Chains

Abstract: In recent years, there have been growing concerns regarding risks in federal information technology (IT) supply chains in the United States that protect cyber infrastructure. A critical need faced by decisionmakers is to prioritize investment in security mitigations to maximally reduce risks in IT supply chains. We extend existing stochastic expected budgeted maximum multiple coverage models that identify "good" solutions on average that may be unacceptable in certain circumstances. We propose three alternativ…

Cited by 28 publications
(18 citation statements)
References 22 publications
“…Additionally, they address the uncertainty regarding mitigation effectiveness, a widely recognized issue (Boyens et al, ; U.S. Government Accountability Office, ), by proposing a stochastic model variant. Zheng and Albert ()) extend this model to consider worst‐case and conditional variance at risk objectives. However, neither of these papers explicitly consider adaptive adversaries.…”
Section: Introduction (citation type: mentioning)
confidence: 99%
“…Both value-at-risk and expected shortfall measures enable decision-makers to modulate their management according to different risk preferences: α close to 0 being more risk neutral, and α close to 1 more risk conservative [69]. More generally, VaR and ES measures enable the ranking and comparison of risk management options and leave to decision-makers the final decision, depending on their personality and on their political, social and/or budgetary constraints.…”
Section: Main Methodological Outcomes Of the Work (citation type: mentioning)
confidence: 99%
“…No clear-cut recommendation can be given on the choice of α since the latter is a user-defined parameter that reflects the risk attitudes of the decision-maker [69]. Here, value-at-risk and expected shortfall are evaluated for different temporal horizons t (in years).…”
Section: Quantile-based Risk Measures (citation type: mentioning)
confidence: 99%
“…Once modern cities rely on interdependent infrastructures and disruptions often propagate through this infrastructure network, researchers in study [35] developed a model that will systematically investigate the mutual influence between the infrastructures and the communities in order to redistribute resources. In review [36], the authors addressed population displacement during natural disasters, offering guidelines for civil infrastructure system models assisting recovery managers and transportation system managers with reducing the length of time people are displaced. In [37], researchers provided important tools and insights for decision-makers on different actions to take to manage risks under uncertainty.…”
Section: Systematic Literature Survey (citation type: mentioning)
confidence: 99%