Abstract

This chapter sets out by discussing risk as a multidimensional concept and its different interpretations in natural and social science, the “relatively objective” nature of risk, decision theory, acceptable risk, the microeconomic and macroeconomic risks within enterprise risk management, and how cyber risk is spilling over into all areas of enterprise risk. This chapter then provides a review on current methods in use for cyber risk management, including risk assessment, risk classification, threat modeling, vulnerability assessment, impact analysis, risk mitigation, effectiveness assessment, and continuous monitoring. Current quantitative and qualitative risk models ...