Essays on Probabilistic Modeling of Cyber Risk
Description
Cyber risk has emerged as a significant challenge to businesses and critical infrastructures, such as hospitals, that have increasingly relied on new and existing information technologies (IT). To price this emerging risk and to aid cybersecurity network hardening, three essays propose probabilistic network modeling frameworks that yield the exact mean and variance of the loss distribution for various informed network configurations.
The first essay is a published paper modeling the cyber risk of a single small-and-medium-sized enterprise (SME) as a random tree with network segmentation. Lacking the resources and mature cybersecurity programs of larger organizations, SMEs struggle to protect against sophisticated cyberattacks and often purchase cyber insurance to mitigate financial losses. In this context, this essay characterizes the loss distribution for pricing purposes.
The second essay is a published paper that proposes a structural model of an aggregate loss distribution for a prototypical hospital network. Modeled as a mixed random graph, the hospital network consists of various patient monitoring devices and medical imaging equipment, represented as random nodes to account for the variable occupancy of patient rooms and availability of imaging equipment, connected by bidirectional edges to fixed hospital and radiological information systems. The framework accounts for the documented cyber vulnerabilities of a hospital's trusted internal network of major medical assets. This essay develops a probabilistic graph-theoretical framework, employing a percolation model and combinatorial techniques, to compute the mean and variance of the loss distribution for a mixed random network; the results can help healthcare administrators and cybersecurity professionals improve their cybersecurity management strategies.
The third essay proposes a probabilistic structural framework for financial loss assessments on the class of client-server network architectures with $K$ different client types. Across businesses in different industries and sectors, a distinct pattern of IT network architecture, such as the client-server architecture, may in principle expose the businesses that share it to similar cyber risks. This essay investigates four applications of the client-server network architecture: implantable medical devices in healthcare, smart buildings, ride-sharing services like Uber and Lyft, and vehicle-to-vehicle cooperation in traffic management.
Details
Contributors
- Chiaradonna, Stefano Dimitri (Author)
- Jevtic, Petar (Thesis advisor)
- Lanchier, Nicolas (Thesis advisor)
- Bao, Tiffany (Committee member)
- Boscovic, Dragan (Committee member)
- Warnick, Sean (Committee member)
- Arizona State University (Publisher)
Date Created
2024
Language
- eng
Note
- Partial requirement for: Ph.D., Arizona State University, 2024
- Field of study: Applied Mathematics
Additional Information
English
Extent
- 217 pages