This HTML5 document contains 44 embedded RDF statements represented using HTML+Microdata notation.

The embedded RDF content will be recognized by any processor of HTML5 Microdata.

Namespace Prefixes

PrefixIRI
dctermshttp://purl.org/dc/terms/
n2https://kar.kent.ac.uk/id/eprint/
wdrshttp://www.w3.org/2007/05/powder-s#
n20http://purl.org/ontology/bibo/status/
dchttp://purl.org/dc/elements/1.1/
rdfshttp://www.w3.org/2000/01/rdf-schema#
n4https://kar.kent.ac.uk/id/subject/
n11https://demo.openlinksw.com/about/id/entity/https/raw.githubusercontent.com/annajordanous/CO644Files/main/
n12http://eprints.org/ontology/
bibohttp://purl.org/ontology/bibo/
n6https://kar.kent.ac.uk/id/publication/
n7https://kar.kent.ac.uk/id/org/
rdfhttp://www.w3.org/1999/02/22-rdf-syntax-ns#
n15doi:10.1016/
owlhttp://www.w3.org/2002/07/owl#
n9https://kar.kent.ac.uk/91647/
n13https://kar.kent.ac.uk/id/document/
n16https://kar.kent.ac.uk/id/
n21https://kar.kent.ac.uk/id/eprint/91647#
xsdhhttp://www.w3.org/2001/XMLSchema#
n19https://demo.openlinksw.com/about/id/entity/https/www.cs.kent.ac.uk/people/staff/akj22/materials/CO644/
n5https://kar.kent.ac.uk/id/person/

Statements

Subject Item
n2:91647
rdf:type
n12:EPrint bibo:AcademicArticle n12:ArticleEPrint bibo:Article
rdfs:seeAlso
n9:
owl:sameAs
n15:j.cose.2021.102545
n12:hasAccepted
n13:3254772
n12:hasDocument
n13:3260921 n13:3260922 n13:3260923 n13:3260906 n13:3260912 n13:3260920 n13:3254781 n13:3254824 n13:3254825 n13:3254826 n13:3254772 n13:3254827
n12:hasPublished
n13:3260906
dc:hasVersion
n13:3254772 n13:3260906
dcterms:title
A System to Calculate Cyber-Value-at-Risk
wdrs:describedby
n11:export_kar_RDFN3.n3 n19:export_kar_RDFN3.n3
dcterms:date
2022-02
dcterms:creator
n5:ext-8e3a78e582275bda4b45ca6affcb1bae n5:ext-j.r.c.nurse@kent.ac.uk n5:ext-67e2325dc445c4b2e21ae9649f1e109f n5:ext-465195512e5d625478b6b4061a0ca4d3 n5:ext-48a6452e57c65fc180bc0957c9cc7cbc n5:ext-ec2f6787ba6c47304386fc6172c7b745
bibo:status
n20:peerReviewed n20:published
dcterms:publisher
n7:ext-f308aad1ef8f70546c3a197f104f2ad5
bibo:abstract
In the face of increasing numbers of cyber-attacks, it is critical for organisations to understand the risk they are exposed to even after deploying security controls. This residual risk forms part of the ongoing operational environment, and must be understood and planned for if resilience is to be achieved. However, there is a lack of rigorous frameworks to help organisations reason about how their use of risk controls can change the nature of the potential losses they face, given an often changing threat landscape. To address this gap, we present a system that calculates Cyber-Value-at-Risk (CVaR) of an organisation. CVaR is a probabilistic density function for losses from cyber-incidents, for any given threats of interest and risk control practice. It can take account of varying effectiveness of controls, the consequences for risk propagation through infrastructures, and the cyber-harms that result. We demonstrate the utility of the system in a real case study by calculating the CVaR of an organisation that experienced a significant cyber-incident. We show that the system is able to produce predictions representative of the actual financial loss. The presented system can be used by insurers offering cyber products to better inform the calculation of insurance premiums, and by organisations to reason about the effects of using particular risk control setups on reducing their exposure to cyber-risk.
dcterms:isPartOf
n6:ext-01674048 n16:repository
dcterms:subject
n4:QA75 n4:QA76 n4:T n4:H1
bibo:authorList
n21:authors
bibo:volume
113