東華大學圖書館 |

Language: English

Help

回圖書館首頁

手機版館藏查詢

Back

Switch To: Labeled | MARC Mode | ISBD

Linked to FindBook

Google Book

Amazon

博客來

Making the Most of Limited Cybersecurity Budgets with Anylogic Modeling.

Record Type:	Electronic resources : Monograph/item
Title/Author:	Making the Most of Limited Cybersecurity Budgets with Anylogic Modeling./
Author:	Hamilton, George.
Description:	1 online resource (76 pages)
Notes:	Source: Masters Abstracts International, Volume: 85-01.
Contained By:	Masters Abstracts International85-01.
Subject:	Software. -
Online resource:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=30506374click for full text (PQDT)
ISBN:	9798379852146

Making the Most of Limited Cybersecurity Budgets with Anylogic Modeling.
Hamilton, George.

Making the Most of Limited Cybersecurity Budgets with Anylogic Modeling. - 1 online resource (76 pages)

Source: Masters Abstracts International, Volume: 85-01.

Thesis (M.Sc.)--Purdue University, 2022.

Includes bibliographical references

In an increasingly interconnected world, technology is now central to the operations of most businesses. In this environment, businesses of all sizes face an ever-growing threat from cyberattacks. Successful cyberattacks can result in data breaches, which may lead to financial loss, business interruptions, regulatory fines, and reputational damage. In 2021, the losses from cyber attacks in the United States were estimated at $6.9 Billion [4].Confronting the threat of cyberattacks can be particularly challenging for small businesses, which must defend themselves using a smaller budget and less in-house talent while balancing the pursuit of growth. Risk assessments are one method for organizations to determine how to best use their cybersecurity budgets. However, for small businesses, a risk assessment may require a significant portion of the budget which could otherwise be used to implement cybersecurity controls.This research builds on existing research from Lerums et al. for simulating a phishing attack to present a model that very small businesses may use in place of or as a precursor to a risk assessment [1]. The updated model includes sensible default values for the cost and effectiveness of cybersecurity controls as well as the number of cyberattacks expected per year. Default values are based on academic literature, technical reports, and vendor estimates, but they may all be changed by organizations using the model. The updated model can also be tailored by non-technical users to reflect their network, relevant threat actors, and budget. Lastly, the updated model can output an optimized control set that yields the maximum annual net return and the single control with the greatest annual return on investment based on a user's inputs.After construction, the updated model is tested on organizations with 5, 25, and 50 employees facing varied sets of threat actors and attacks per year. Key takeaways include the high net return of all security controls tested, benefits of defense-in-depth strategies for maximizing return across multiple attack types, and the role of threat actors in tempering high estimates of security control effectiveness.

Electronic reproduction.
Ann Arbor, Mich. :
ProQuest,
2023

Mode of access: World Wide Web

ISBN: 9798379852146Subjects--Topical Terms:

619355
Software.
Index Terms--Genre/Form:

542853
Electronic books.

Making the Most of Limited Cybersecurity Budgets with Anylogic Modeling.
LDR:03351nmm a2200325K 4500 001 2360281
005 20230926101830.5
006 m o d
007 cr mn ---uuuuu
008 241011s2022 xx obm 000 0 eng d
020 $a 9798379852146
035 $a (MiAaPQ)AAI30506374
035 $a (MiAaPQ)Purdue20369418
035 $a AAI30506374
040 $a MiAaPQ $b eng $c MiAaPQ $d NTU
100 1 $a Hamilton, George. $3 3700896
245 1 0 $a Making the Most of Limited Cybersecurity Budgets with Anylogic Modeling.
264 0 $c 2022
300 $a 1 online resource (76 pages)
336 $a text $b txt $2 rdacontent
337 $a computer $b c $2 rdamedia
338 $a online resource $b cr $2 rdacarrier
500 $a Source: Masters Abstracts International, Volume: 85-01.
500 $a Advisor: Dietz, J. Eric.
502 $a Thesis (M.Sc.)--Purdue University, 2022.
504 $a Includes bibliographical references
520 $a In an increasingly interconnected world, technology is now central to the operations of most businesses. In this environment, businesses of all sizes face an ever-growing threat from cyberattacks. Successful cyberattacks can result in data breaches, which may lead to financial loss, business interruptions, regulatory fines, and reputational damage. In 2021, the losses from cyber attacks in the United States were estimated at $6.9 Billion [4].Confronting the threat of cyberattacks can be particularly challenging for small businesses, which must defend themselves using a smaller budget and less in-house talent while balancing the pursuit of growth. Risk assessments are one method for organizations to determine how to best use their cybersecurity budgets. However, for small businesses, a risk assessment may require a significant portion of the budget which could otherwise be used to implement cybersecurity controls.This research builds on existing research from Lerums et al. for simulating a phishing attack to present a model that very small businesses may use in place of or as a precursor to a risk assessment [1]. The updated model includes sensible default values for the cost and effectiveness of cybersecurity controls as well as the number of cyberattacks expected per year. Default values are based on academic literature, technical reports, and vendor estimates, but they may all be changed by organizations using the model. The updated model can also be tailored by non-technical users to reflect their network, relevant threat actors, and budget. Lastly, the updated model can output an optimized control set that yields the maximum annual net return and the single control with the greatest annual return on investment based on a user's inputs.After construction, the updated model is tested on organizations with 5, 25, and 50 employees facing varied sets of threat actors and attacks per year. Key takeaways include the high net return of all security controls tested, benefits of defense-in-depth strategies for maximizing return across multiple attack types, and the role of threat actors in tempering high estimates of security control effectiveness.
533 $a Electronic reproduction. $b Ann Arbor, Mich. : $c ProQuest, $d 2023
538 $a Mode of access: World Wide Web
650 4 $a Software. $2 gtt. $3 619355
650 4 $a Data integrity. $3 2142314
650 4 $a Decision making. $3 517204
650 4 $a Computer science. $3 523869
650 4 $a Computer security. $3 540555
655 7 $a Electronic books. $2 lcsh $3 542853
690 $a 0984
710 2 $a ProQuest Information and Learning Co. $3 783688
710 2 $a Purdue University. $3 1017663
773 0 $t Masters Abstracts International $g 85-01.
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=30506374 $z click for full text (PQDT)