2015
DOI: 10.2139/ssrn.2593645

Components and Challenges of Integrated Cyber Risk Management

citations
Cited by 5 publications
(10 citation statements)
references
References 0 publications
“…The study shows that the nodes with more degrees are more likely to be infected and have higher chances of getting affected by others' decisions. See Kosub (2015) and Eling and Schnell (2016) for comprehensive reviews of cybersecurity risk modeling and the management of cybersecurity risk.…”
Section: Introduction
Citation type: mentioning
confidence: 99%
“…First of all, it is crucial to perform appropriate activities to identify the occurrence of a cybersecurity event or to determine the key cyber risks, risk appetite, and assessment of controls and vulnerabilities. Therefore, it is primarily necessary to define and understand the business model, business objectives, and assets of the organization to determine the relevance of IT to the business and ultimately agree on a level of cybersecurity (Kosub, 2015). After the identified cyber risks and their relevance to the organization have been analyzed, they must each be quantified, assessed and evaluated in terms of probability of occurrence and potential impact (McKinsey, 2019), e.g.…”
Section: Organizational Aspects Of Cybersecurity
Citation type: mentioning
confidence: 99%
“…The risk treatment option is based on the outcome of the risk assessment result. The priorities of each individual risk should be defined clearly for the implementation and their timeframes [8], [31]. The purpose of risk treatment activity is to specify which security controls need to be implemented, who is responsible for it, what the deadlines are and which resources, for example, financial or human, are required for the implementation.…”
Section: Risk Treatment
Citation type: mentioning
confidence: 99%
“…The controls from Annex A of ISO/IEC 27001:2013 [8], [9] are useful in handling and helping to reduce the risks encountered. Risk treatment will reduce the risks which are not acceptable by using the controls from Annex A in ISO/IEC 27001.…”
Section: Introduction
Citation type: mentioning
confidence: 99%