QuantTM: Business-Centric Threat Quantification for Risk Management and Cyber Resilience

arXiv:2402.14140v1 Announce Type: new
Abstract: Threat modeling has emerged as a key process for understanding relevant threats within businesses. However, understanding the importance of threat events is rarely driven by the business incorporating the system. Furthermore, prioritization of threat events often occurs based on abstract and qualitative scoring. While such scores enable prioritization, they do not allow the results to be easily interpreted by decision-makers. This can hinder downstream activities, such as discussing security investments and a security control's economic …

arxiv business businesses cs.cr cyber cyber resilience events key management modeling prioritization process qualitative quantification relevant resilience risk risk management scoring system threat threat modeling threats understanding