Cyber Risk Measurement and Management: An Introduction to Cybernomics examines the indispensable role of economic modeling in the future of digitization, thus providing industry professionals with the tools they need to optimize the management of financial risks associated with this mega trend. The book addresses three problem areas, including the valuation of digital assets, quantification of risk exposures of digital valuables, and economic modeling for the management of such risks. Employing a novel cyber risk measurement unit, the book includes value, risk, control and cost, each of which is viewed from the perspective of entity, portfolio and global ramifications.
- Brings cutting-edge risk management practices regarding cyber security risk mitigation
- Focuses on topics such as insurance, ISO standards and supply chain vulnerabilities
- Presents a model to convert domain-based control assessments to scenario-based control assessments
- Estimates costs of improvements to strengthen control effectiveness against a given scenario
- Applies classic risk management options (risk acceptance, risk avoidance, risk mitigation and risk transfer) to cyber risk
Section 1 Valuation of Digital Assets
2. Intrinsic, Market and Subjective Value of Digital Assets
3. Nature of Digital Infrastructure
4. Value Aggregation in the Digital Supply Chain

Section 2 Inherent Risks of Digital Valuables
5. A Data-centric View of Entity-level Inherent Cyber Risk Profiling
6. Nature of a Cyber Loss Event
7. Cyber Risk Accumulation in a Portfolio of Entities
8. Defining the Cyber Risk Unit

Section 3 Control Effectiveness for Cyber Risk
9. Measuring Cyber Risk Exposure: the Conversion from Qualitative Risk Assessments to Quantitative Measurements
10. Value of Benchmarking and the Influence of Peers
11. Measuring Return of Investment (ROI) for Cyber Transformation Programs

Section 4 Capital Modelling for Managing Residual Cyber Risk
12. Quantifying Residual Cyber Risk Using Structured Loss Scenario Analysis
13. Articulation of Cyber Risk Appetite
14. Transferring Residual Cyber Risk through Insurance
15. Point of Diminishing Returns for Cyber Resilience Investment

Keyun Ruan is a computer scientist, consultant and entrepreneur. She coined the term "cloud forensics" during her Ph.D. in cybercrime investigation. She pioneered the field with foundational publications and talks, and she edited the world's first academic reference book, making her one of the most cited scholars on the topic. She led and contributed to working groups commissioned by the U.S. government and European Commission to advance industry standards in this area. She advised on the forensic architecture for a leading European telecommunications company, and worked as chief scientist at the largest Irish information security firm at 26. She has been involved in cyber risk modeling for leading insurers and reinsurers since 2012. She is currently leading the solution development on cyber risk analytics and economic modelling within EY (formerly Ernst & Young) for its global clients. She also serves as technical advisor to Corvil.com, an advanced real-time network analytics company which monitors 90% of the world's trading data. She was named by the Irish Independent as one of the "30 under 30 shaping Ireland's future" in 2014.