Augmented AI-Knowledge Driven Intelligent Systems for Adversarial-Dynamic Uncertainty and Complexity
The latest #ai–#cybersecurity–#knowledgemanagement practices advance the future of #riskmanagement practices. The article highlights the importance of risk management and #cyberresilience in a dynamic world characterized by #uncertainty and complexity.
The Cybersecurity Obligations of States Perceived as Platforms: Are Current European National Cybersecurity Strategies Enough?
The study highlights that while modern states have developed concrete strategies to respond to potential threats, the resemblance of these strategies to one another could create unexpected challenges. The dynamic nature of the internet and the multitude of actors and sources of risk could put conventional wisdom to the test at a stage where the […]
Managing Cyber Risk, a Science in the Making
“After reviewing the main characteristics of cyber risk, we consider the three layers of cyber space: hardware, software and psycho-cognitive layer.”
Risk Management and the Board of Directors
“… new risks—and the intensification of longstanding risks—are pressure-testing the agility and resilience of corporate strategies, risk management systems and practices.”
Cyber Risk: Hyperconnectivity and the Political Economy of Uncertainty
“This paper explores the notion of ‘cyber risk’, asking how we might understand it through a sociotechnical lens. It pays specific attention to how we can theorise cyber risk as an assemblage of sociotechnical ‘riskscapes’, in which our understanding of risk goes beyond organisational imperatives of ‘risk management’ and into treating cyber risk as a set of productive knowledges and practices within a […]
Building Resilience in Cybersecurity — An Artificial Lab Approach
“Using the lab, in numerical case studies, we identify two classes of measures to control systemic cyber risks: security- and topology-based interventions. We discuss the implications of our findings on selected real-world cybersecurity measures currently applied in the insurance and regulation practice or under discussion for future cyber risk control. To this end, we provide […]
Cyber Threats to Business: Identifying and Responding to Digital Attacks
“We believe our paper adds to the important body of cybersecurity literature that explores the roles of government and business, particularly corporate directors, in the governance of data security.”
Supply Chain Characteristics as Predictors of Cyber Risk: A Machine-Learning Assessment
“… supply chain network features add significant detection power to predicting enterprise cyber risk, relative to merely using enterprise-only attributes. Particularly, compared to a base model that relies only on internal enterprise features… Given that each cyber data breach is a low probability high impact risk event, these improvements in the prediction power have significant […]
Cybersecurity Risk and Corporate Cash Holdings
“Using a large sample of U.S. firms over the period 2007-2017, we find that when cybersecurity risk is higher, firms hold more cash.”
Malware Classification Using Feature Reduction Method and Autoscaling
“These attacks are unknown to the human eye due to malicious intent to harm any underlying infrastructure. So, to overcome the problems and make a flexible solution, we propose a framework where machine learning algorithms are applied to find relevant features from the existing dataset.”
Cybersecurity, Cloud and Critical Infrastructure
“… there is a risk that the EU’s Network and Information Systems Directive (‘NIS Directive’) might lead to only incremental improvements in the cybersecurity of Europe’s critical infrastructure and digital services, while generating substantial compliance activity, aimed at placating regulators and reassuring the general public.”
The Tensions of Cyber-Resilience: From Sensemaking to Practice
“We apply Weick’s (1995) sensemaking framework to examine four foundational tensions of cyber-resilience: a definitional tension, an environmental tension, an internal tension, and a regulatory tension. We then document how these tensions are embedded in cyber-resilience practices at the preparatory, response and adaptive stages. We rely on qualitative data from a sample of 58 cybersecurity […]
Auditors’ Response to Cybersecurity Risk: Human Capital Investment and Cross-Client Influence
“Our evidence also implies that client firms that share the same audit office as breached firms increase their disclosure of cybersecurity risk and their demand for cybersecurity human capital. Reconciling with the Bayesian learning theory, these effects only manifest for auditors located in states that have been only sporadically exposed to data breaches.”
A Mathematical Model for Risk Assessment of Social Engineering Attacks
“Social engineering is a very common type of malicious activity conducted on cyberspace that targets both individuals and companies in order to gain access to information or systems. It is part of the broader domain of cybersecurity and the first step to mitigate this type of attack is to know its attack vectors. This way, […]
A Pathway Model to Five Lines of Accountability in Cybersecurity Governance
“Organizations closest to full adoption are those under the prudential regulation (coercive forces), whereas efficiency motives and mimetic forces drive organizations to seek fluidity by ‘blending’ the segregated lines to ensure fast reactions to changing environment.”
Strategies for Boosting Cybersecurity
“… businesses have basic cybersecurity responsibilities and fundamental duties to operate securely in a digital society.”
Cyber Risk Assessment for Capital Management
“There appears a gap in cyber risk modeling between engineering and insurance literature. This paper presents a novel model to capture these unique dynamics of cyber risk known from engineering and to model loss distributions based on industry loss data and a particular company’s cybersecurity profile. The analysis leads to a new tool for allocating […]
Business Impact Analysis and Its Connection to Security Risk Management
“Likelihood and impact are variables that are stressed when characterizing risks, evolving as an organization increases scalability and network infrastructure. Effective security risk management preparation relies severely on initiative-taking and adversarial mindsets.”
The Economics of Information and Human Factors in Cybersecurity
“We show how to use Schelling’s focal points together with Kahneman & Tversky’s reference points and related concepts from behavioural economics to complement technical innovations and improve threat detection and deterrence.”
Cybersecurity and Financial Stability
“Cyber attacks can impair banks operations and precipitate bank runs. When digital infrastructure is shared, banks defend themselves by investing in cybersecurity but can free-ride on the security measures of others. Ex ante free-riding by banks interacts with the ex post coordination frictions underpinning bank runs.”