Cybersecurity breach probability functions describe how cybersecurity investments impact the actual vulnerability to cyberattacks through the probability of success of the attack. They essentially use mathematical models to make cyber-risk management choices. This paper provides an overview of the breach probability models that appear in the literature. For each of them, the form of the mathematical functions and their properties are described. The models exhibit a wide variety of functional relationships between breach probability and investments, including linear, concave, convex, and a mixture of the latter two. Each model describes a parametric family, with some models have a single parameter, and others have two. A sensitivity analysis completes the overview to identify the impact of the model parameters: the estimation of the parameters which have a larger influence on the breach probability is more critical and deserves greater attention.

Mazzoccoli, A., Naldi, M. (2022). An Overview of Security Breach Probability Models. RISKS, 10(11), 220 [10.3390/risks10110220].

An Overview of Security Breach Probability Models

Mazzoccoli, Alessandro;Naldi, Maurizio
2022

Abstract

Cybersecurity breach probability functions describe how cybersecurity investments impact the actual vulnerability to cyberattacks through the probability of success of the attack. They essentially use mathematical models to make cyber-risk management choices. This paper provides an overview of the breach probability models that appear in the literature. For each of them, the form of the mathematical functions and their properties are described. The models exhibit a wide variety of functional relationships between breach probability and investments, including linear, concave, convex, and a mixture of the latter two. Each model describes a parametric family, with some models have a single parameter, and others have two. A sensitivity analysis completes the overview to identify the impact of the model parameters: the estimation of the parameters which have a larger influence on the breach probability is more critical and deserves greater attention.
Mazzoccoli, A., Naldi, M. (2022). An Overview of Security Breach Probability Models. RISKS, 10(11), 220 [10.3390/risks10110220].
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11590/423077
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact