Integrating a Proactive Technique Into a Holistic Cyber Risk Management Approach

Marotta, Angelica; McShane, Michael K.

doi:10.1111/rmir.12109

Cited by 14 publications

(8 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In a continuously changing race with attackers always a step ahead of defenders, scholars recently call for a more proactive risk identification approach. For example, Marotta and McShane (2018) review the honeypot concept of actively attracting cyber attackers with decoy systems for the sole the purpose of understanding and identifying new types of attacks before they become widespread.…”

Section: Literature Review: By Steps Of the Risk Management Processmentioning

confidence: 99%

“…A cyber risk management process applies both risk mitigation and risk transfer techniques to reduce residual risk to acceptable levels (Gordon et al, 2003; Marotta & McShane, 2018; Siegel et al, 2002). Siegel et al (2002) and Gordon et al (2003) propose a cyber risk management framework that goes beyond technical risk mitigation to add risk transfer.…”

Section: Cyber Risk Management: Origins and Historical Developmentmentioning

confidence: 99%

“…Transitioning to the 21st century, various conceptual models are proposed to help identify cyber risk more efficiently (e.g., Chittester & Haimes, 2004; Hurst et al, 2014; Marotta & McShane, 2018). Chittester and Haimes (2004) propose the use of hierarchical holographic modeling and control objectives for information and related technology to identify potential risks to the supervisory control and data acquisition systems.…”

Section: Literature Review: By Steps Of the Risk Management Processmentioning

confidence: 99%

See 2 more Smart Citations

Cyber risk management: History and future research directions

McShane

Eling

Nguyen

2021

Risk Manage Insurance Review

Self Cite

View full text Add to dashboard Cite

Cybersecurity research started in the late 1960s and has continuously evolved under different names such as computer security and information security. This article briefly covers that history but will especially focus on the latest incarnation known as "cyber risk management," which includes both technical and economic/management dimensions. The main focus of the article is to review research on individual steps of the cyber risk management process and on the overall process to highlight gaps and determine research directions. Two main findings are that cyber risk is difficult to include in the overall enterprise risk management process and that a move toward cyber resilience is necessary to deal with such a complex risk. Both findings require a level of interdisciplinary collaboration that is currently lacking.

show abstract

Section: Literature Review: By Steps Of the Risk Management Processmentioning

confidence: 99%

Section: Cyber Risk Management: Origins and Historical Developmentmentioning

confidence: 99%

Section: Literature Review: By Steps Of the Risk Management Processmentioning

confidence: 99%

See 1 more Smart Citation

Cyber risk management: History and future research directions

McShane

Eling

Nguyen

2021

Risk Manage Insurance Review

Self Cite

View full text Add to dashboard Cite

show abstract

“…Analysis of root cause post detection was in important aspect in this study. [23] integration of honeypot with cyber risk management process of FEMA mission where five preparedness (Federal emergency management agency) [24] was also studied subsequently. Extended next level research was also conducted in 2019 which was improved version in the study of "A Generic Digital Forensic Readiness Model for BYOD using Honeypot Technology [23]".…”

Section: ) Deception Technologymentioning

confidence: 99%

Security Challenges and Cyber Forensic Ecosystem in IoT Driven BYOD Environment

et al. 2020

View full text Add to dashboard Cite

The usage of Internet of Things (IoT)/ Bring Your Own Devices (BYOD) has grown up exponentially, as expected 50 Billion IoT devices by the end of 2020 in the world in smart city environment. Advancement of Human Driven Edge Computing (HEC) with 5 th Generation Internet services also makes this more feasible. Use of IoT and increased demand of IoT/BYOD becomes one of the fundamental needs to increase the organization employee productivity and business agility. But it increased the significant risk of the cyber-attack which is leading a major reason for business disruption and becomes a leading question about getting a cyber secured citizenship in the smart city environment. In order to conduct forensic investigation post incident detection of malicious activities from IoT/BYOD end point is most challenging task. Secured on boarding of untrusted IoT/BYOD end points in the corporate network and detection of threats from this area and security control mechanism required a continuous new abstraction to battle with new threat landscape. A strategic practical approach in this research is presented to detect malicious activities so that organization can adopt to protect the critical and smart city infrastructure. In order to achieve the goal of detecting of malicious activities in IoT/BYOD environment, simulation performed in 3 phases. The 1st phase of the sample performed while BYOD endpoint was outside the organization over the internet without VPN. The 2 nd phase of the simulation was performed where BYOD endpoint was securely onboarded using a corporate wireless network with a secured onboarding process. The 3 rd phase of the test done where IoT/BYOD was outside the organization with a VPN. A unique robust scalable model puts forward with significant result in conclusion for creating a cyber forensic ecosystem in IoT/BYOD environment to enable cyber secured citizenship in era of HEC with 5G and IoT.

show abstract

“…Although the risks to firms from cyberattacks appear to be substantial, the actual impacts need to be further researched beyond technical journals. More recently, articles providing an overview to motivate RMI researchers to investigate cyber risk management and insurance were published (Biener et al 2015; The Geneva Association 2016; Eling and Loperfido 2017;Eling 2018;Marotta and McShane 2018). In 2018, a special issue on cyber risk management and insurance was published in The Geneva Papers on In the wake of recent cyber-related incidents, RMI academic journals are leading the way to stimulate business and economics research to understand and manage cyber risk.…”

Section: Introductionmentioning

confidence: 99%

Time-varying effects of cyberattacks on firm value

McShane

Nguyen

2020

Geneva Pap Risk Insur Issues Pract

Self Cite

View full text Add to dashboard Cite

This paper adds to research on the effect of cyber events on the attacked firm's value in light of conflicting results from previous studies. Using 536 cyberattack announcements that occurred during the 2007-2016 period, the main goal is to investigate for changes in investor reaction over time as cyberattacks have become more frequent. Empirical evidence shows that cumulative abnormal returns of attacked firms were volatile earlier in the period, became increasingly negative, but have moderated recently. This paper proposes and discusses potential explanations for this observed U-shaped pattern over the 10-year period. The relation between stock market reaction and type of attack, type of data affected, type of perpetrator and various firm level characteristics is also examined.

show abstract

Integrating a Proactive Technique Into a Holistic Cyber Risk Management Approach

Cited by 14 publications

References 32 publications

Cyber risk management: History and future research directions

Cyber risk management: History and future research directions

Security Challenges and Cyber Forensic Ecosystem in IoT Driven BYOD Environment

Time-varying effects of cyberattacks on firm value

Contact Info

Product

Resources

About