Municipal cyber risk modeling using cryptographic computing to inform cyber policymaking
CoRR (2024)
Abstract
Municipalities are vulnerable to cyberattacks with devastating consequences,
but they lack key information to evaluate their own risk and compare their
security posture to peers. Using data from 83 municipalities collected via a
cryptographically secure computation platform about their security posture,
incidents, security control failures, and losses, we build data-driven cyber
risk models and cyber security benchmarks for municipalities. We produce
benchmarks of the security posture in a sector, the frequency of cyber
incidents, forecasted annual losses for organizations based on their defensive
posture, and a weighting of cyber controls based on their individual failure
rates and associated losses. Combined, these four items can help guide cyber
policymaking by quantifying the cyber risk in a sector, identifying gaps that
need to be addressed, prioritizing policy interventions, and tracking progress
of those interventions over time. In the case of the municipalities, these
newly derived risk measures highlight the need for continuous measured
improvement of cybersecurity readiness, show clear areas of weakness and
strength, and provide governments with some early targets for policy focus such
as security education, incident response, and focusing efforts first on
municipalities at the lowest security levels that have the highest risk
reduction per security dollar invested.