Enhancing cyber risk decision-making with a quantified risk management model for U.S. and Canadian organizations
1 Cadillac Fairview, Ontario, Canada.
2 Montclair State University, Montclair, New Jersey, USA.
3 GLOBACOM Nigeria Limited.
4 Independent Researcher, Texas, USA.
Review Article
GSC Advanced Research and Reviews, 2024, 21(01), 481-502.
Article DOI: 10.30574/gscarr.2024.21.1.0400
Publication history:
Received on 16 September 2024; revised on 24 October 2024; accepted on 26 October 2024.
Abstract:
As cyber threats continue to evolve in complexity and frequency, organizations in the U.S. and Canada face significant challenges in making informed decisions to manage and mitigate risks effectively. This paper proposes a Quantified Cyber Risk Management Model (QCRMM) to enhance decision-making processes in the face of these dynamic threats. The model integrates quantitative risk assessment methodologies, advanced data analytics, and threat modeling techniques to enable organizations to identify, evaluate, and prioritize cyber risks in a structured manner. The QCRMM emphasizes a data-driven approach to risk management, utilizing key performance indicators (KPIs) and risk metrics to quantify potential impacts and the likelihood of cyber incidents. It incorporates tools such as Monte Carlo simulations and Bayesian networks for predicting and assessing the probability of various cyberattack scenarios, thus allowing organizations to make more accurate and informed decisions regarding risk mitigation strategies. Additionally, the model provides decision-makers with actionable insights that support cost-effective allocation of resources to safeguard critical assets. The model is designed to be flexible, adaptable, and scalable for organizations across diverse sectors, including finance, healthcare, energy, and critical infrastructure. By aligning with regional regulatory frameworks, such as the NIST Cybersecurity Framework in the U.S. and Canada’s Cyber Security Strategy, the QCRMM ensures compliance with best practices and legal requirements while fostering a robust cybersecurity posture. Case studies demonstrate the application of the QCRMM in improving risk prioritization and resource allocation in organizations, resulting in a reduction of potential financial losses, minimized operational disruptions, and improved organizational resilience to cyber threats. 
In conclusion, the QCRMM provides a comprehensive, quantifiable approach to enhancing cyber risk decision-making, helping organizations in the U.S. and Canada make informed, proactive decisions to defend against the evolving cyber threat landscape. This model empowers organizations to strategically address cyber risks with a focus on minimizing impacts while optimizing resources.
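To make the quantified, Monte Carlo side of the approach concrete, the following added example (written for this page; it is not the QCRMM's own implementation or the authors' code) simulates annual loss for a constructed portfolio of threat scenarios, each described by a likelihood (annual event rate) and an impact range, and derives the two outputs decision-makers typically want: a ranking of scenarios by expected annual loss and a loss-exceedance curve. All scenario names and figures are assumed for illustration.

```python
import math
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Scenario:
    name: str
    events_per_year: float  # Poisson rate (likelihood); 0.25 ~ one event per 4 years
    loss_low: float         # per-event loss lower bound (> 0), currency units
    loss_high: float        # per-event loss upper bound (>= loss_low)

def _poisson(rng, lam):  # Knuth's inversion sampler; fine for small rates
    limit, k, p = math.exp(-lam), 0, 1.0
    while p > limit:
        k, p = k + 1, p * rng.random()
    return max(k - 1, 0)

def _event_loss(rng, s):  # log-uniform between bounds; equal bounds give a point value
    lo, hi = math.log(s.loss_low), math.log(s.loss_high)
    return math.exp(rng.uniform(lo, hi))

def simulate(scenarios, years=10000, seed=7):  # -> ({name: loss per year}, totals)
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    per_scenario = {s.name: [] for s in scenarios}
    for _ in range(years):
        for s in scenarios:
            n_events = _poisson(rng, s.events_per_year)
            per_scenario[s.name].append(sum(_event_loss(rng, s) for _ in range(n_events)))
    totals = [sum(year) for year in zip(*per_scenario.values())]
    return per_scenario, totals

def exceedance_curve(samples, thresholds):
    """P(annual loss > t) for each threshold t: the loss-exceedance curve."""
    return [(t, sum(x > t for x in samples) / len(samples)) for t in thresholds]

def prioritise(scenarios, years=10000, seed=7):
    """Rank scenarios by expected annual loss (mean of simulated years), highest first."""
    per_scenario, _ = simulate(scenarios, years, seed)
    return sorted(((n, sum(v) / len(v)) for n, v in per_scenario.items()), key=lambda kv: -kv[1])

PORTFOLIO = [  # constructed, assumed figures for illustration, not data from the paper
    Scenario("ransomware", 0.2, 50_000, 2_000_000),
    Scenario("phishing credential theft", 1.5, 5_000, 100_000),
    Scenario("third-party breach", 0.3, 20_000, 500_000),
]

if __name__ == "__main__":
    _, totals = simulate(PORTFOLIO)
    print(prioritise(PORTFOLIO))
    print(exceedance_curve(totals, [100_000, 500_000, 1_000_000]))
```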
Keywords:
Cyber Risk Management; Quantified Risk; Decision-Making; U.S.; Canada; Data Analytics; Monte Carlo Simulation; Bayesian Networks; NIST Framework; Risk Mitigation
Copyright information:
Copyright © 2024. The author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution License 4.0.