In this article, we comment on the drawbacks of the existing AI-based Bayesian network (BN) cybervulnerability analysis (C-VA) model proposed in Mukhopadhyay et al. (2013) to assess cyber-risk in IT firms, where this quantity is usually a joint distribution of multiple risk (random) variables (e.g., quality of antivirus, frequency of monitoring, etc.) coming from heterogeneous distribution families. As a major modeling drawback, Mukhopadhyay et al. (2013) assume that any pair of random variables in the BN are linearly correlated with each other. This simplistic assumption might not always hold true for general IT organizational environments. Thus, the use of the C-VA model in general will result in loose estimates of correlated IT risk and will subsequently affect cyber-insurance companies in framing profitable coverage policies for IT organizations. To this end, we propose methods to (1) find a closed-form expression for the maximal correlation arising between pairs of discrete random variables, whose value finds importance in getting robust estimates of copula-induced computations of organizational cyber-risk, and (2) arrive at a computationally effective mechanism to compute nonlinear correlations among pairs of discrete random variables in the correlation matrix of the CBBN model (Mukhopadhyay et al. 2013). We also prove that an empirical computation of MC using our method converges rapidly, that is, exponentially fast, to the true correlation value in the number of samples. Our proposed method contributes to a tighter estimate of IT cyber-risk under environments of low-risk data availability and will enable insurers to better assess organizational risks and subsequently underwrite profitable cyber-insurance policies. CCS Concepts: • Mathematics of computing → Probability and statistics; Multivariate statistics; • Security and privacy → Human and societal aspects of security and privacy; Economics of security and privacy;
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.