Cyber-Risk Management

  • Atle Refsdal
  • Bjørnar Solhaug
  • Ketil Stølen
Part of the SpringerBriefs in Computer Science book series (BRIEFSCOMPUTER)

Table of contents

  1. Front Matter
    Pages i-xi
  2. Atle Refsdal, Bjørnar Solhaug, Ketil Stølen
    Pages 1-6
  3. Conceptual Introduction

    1. Front Matter
      Pages 7-7
    2. Atle Refsdal, Bjørnar Solhaug, Ketil Stølen
      Pages 9-24
    3. Atle Refsdal, Bjørnar Solhaug, Ketil Stølen
      Pages 25-27
    4. Atle Refsdal, Bjørnar Solhaug, Ketil Stølen
      Pages 29-32
    5. Atle Refsdal, Bjørnar Solhaug, Ketil Stølen
      Pages 33-47
  4. Cyber-Risk Assessment Exemplified

    1. Front Matter
      Pages 49-49
    2. Atle Refsdal, Bjørnar Solhaug, Ketil Stølen
      Pages 51-60
    3. Atle Refsdal, Bjørnar Solhaug, Ketil Stølen
      Pages 61-80
    4. Atle Refsdal, Bjørnar Solhaug, Ketil Stølen
      Pages 81-89
    5. Atle Refsdal, Bjørnar Solhaug, Ketil Stølen
      Pages 91-96
    6. Atle Refsdal, Bjørnar Solhaug, Ketil Stølen
      Pages 97-103
  5. Known Challenges and How to Address Them in Practice

    1. Front Matter
      Pages 105-105
    2. Atle Refsdal, Bjørnar Solhaug, Ketil Stølen
      Pages 107-110
    3. Atle Refsdal, Bjørnar Solhaug, Ketil Stølen
      Pages 111-116
    4. Atle Refsdal, Bjørnar Solhaug, Ketil Stølen
      Pages 117-121
    5. Atle Refsdal, Bjørnar Solhaug, Ketil Stølen
      Pages 123-127
    6. Atle Refsdal, Bjørnar Solhaug, Ketil Stølen
      Pages 129-131
  6. Back Matter
    Pages 133-145

About this book

Introduction

This book provides a brief and general introduction to cybersecurity and cyber-risk assessment. Not limited to a specific approach or technique, its focus is highly pragmatic and is based on established international standards (including ISO 31000) as well as industrial best practices. It explains how cyber-risk assessment should be conducted, which techniques should be used when, what the typical challenges and problems are, and how they should be addressed.

The content is divided into three parts. First, part I provides a conceptual introduction to the topic of risk management in general and to cybersecurity and cyber-risk management in particular. Next, part II presents the main stages of cyber-risk assessment from context establishment to risk treatment and acceptance,  each illustrated by a running example. Finally, part III details four important challenges and how to reasonably deal with them in practice: risk measurement, risk scales, uncertainty, and low-frequency risks with high consequence.

The target audience is mainly practitioners and students who are interested in the fundamentals and basic principles and techniques of security risk assessment, as well as lecturers seeking teaching material. The book provides an overview of the cyber-risk assessment process, the tasks involved, and how to complete them in practice.

Keywords

Application Security ISO 31000 Probability and Statistics Risk Analysis Risk managment Software Development Systems Security

Authors and affiliations

  • Atle Refsdal
    • 1
  • Bjørnar Solhaug
    • 2
  • Ketil Stølen
    • 3
  1. 1.SINTEF ICTOsloNorway
  2. 2.SINTEF ICTOsloNorway
  3. 3.SINTEF ICTOsloNorway

Bibliographic information

  • DOI https://doi.org/10.1007/978-3-319-23570-7
  • Copyright Information The Author(s) 2015
  • Publisher Name Springer, Cham
  • eBook Packages Computer Science
  • Print ISBN 978-3-319-23569-1
  • Online ISBN 978-3-319-23570-7
  • Series Print ISSN 2191-5768
  • Series Online ISSN 2191-5776
  • About this book