Stefano Chiaradonna, Petar Jevtić, Nicolas Lanchier, Sasa Pesic
{"title":"客户端-服务器网络的网络风险损失分布框架:债券渗透模型和特定行业案例研究","authors":"Stefano Chiaradonna, Petar Jevtić, Nicolas Lanchier, Sasa Pesic","doi":"10.1002/asmb.2896","DOIUrl":null,"url":null,"abstract":"<div>\n \n <p>Cyber risk has emerged as a significant threat to businesses that have increasingly relied on new and existing information technologies (IT). Across various businesses in different industries and sectors, a distinct pattern of IT network architectures, such as the client-server network architecture, may, in principle, expose those businesses, which share it, to similar cyber risks. That is why in this article, we propose a probabilistic structural framework for loss assessments of cyber risks on the class of client-server network architectures with <span></span><math>\n <semantics>\n <mrow>\n <mi>K</mi>\n </mrow>\n <annotation>$$ K $$</annotation>\n </semantics></math> different client types. To our knowledge, there exist no theoretical models of an aggregate loss distribution for cyber risk in this setting. With this structural framework via the exact mean and variance of losses, we demonstrate how the changing cybersecurity environment of a business's IT network impacts the loss distribution. Furthermore, our framework provides insights into better investment strategies for cybersecurity protection on the client-server network. Motivated by cyberattacks across industries, we apply our framework to four case studies that utilize the client-server network architecture. Our first application is implantable medical devices in healthcare. Our second application is the smart buildings domain. Third, we present an application for ride-sharing services such as Uber and Lyft. The fourth is the application of vehicle-to-vehicle cooperation in traffic management. The results are corresponding exact means and variances of cyber risk loss distributions parameterized by various cybersecurity parameters allowing for liability assessments and decisions in cybersecurity protection investments.</p>\n </div>","PeriodicalId":55495,"journal":{"name":"Applied Stochastic Models in Business and Industry","volume":"40 6","pages":"1712-1733"},"PeriodicalIF":1.3000,"publicationDate":"2024-10-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Framework for Cyber Risk Loss Distribution of Client-Server Networks: A Bond Percolation Model and Industry Specific Case Studies\",\"authors\":\"Stefano Chiaradonna, Petar Jevtić, Nicolas Lanchier, Sasa Pesic\",\"doi\":\"10.1002/asmb.2896\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div>\\n \\n <p>Cyber risk has emerged as a significant threat to businesses that have increasingly relied on new and existing information technologies (IT). Across various businesses in different industries and sectors, a distinct pattern of IT network architectures, such as the client-server network architecture, may, in principle, expose those businesses, which share it, to similar cyber risks. That is why in this article, we propose a probabilistic structural framework for loss assessments of cyber risks on the class of client-server network architectures with <span></span><math>\\n <semantics>\\n <mrow>\\n <mi>K</mi>\\n </mrow>\\n <annotation>$$ K $$</annotation>\\n </semantics></math> different client types. To our knowledge, there exist no theoretical models of an aggregate loss distribution for cyber risk in this setting. With this structural framework via the exact mean and variance of losses, we demonstrate how the changing cybersecurity environment of a business's IT network impacts the loss distribution. Furthermore, our framework provides insights into better investment strategies for cybersecurity protection on the client-server network. Motivated by cyberattacks across industries, we apply our framework to four case studies that utilize the client-server network architecture. Our first application is implantable medical devices in healthcare. Our second application is the smart buildings domain. Third, we present an application for ride-sharing services such as Uber and Lyft. The fourth is the application of vehicle-to-vehicle cooperation in traffic management. The results are corresponding exact means and variances of cyber risk loss distributions parameterized by various cybersecurity parameters allowing for liability assessments and decisions in cybersecurity protection investments.</p>\\n </div>\",\"PeriodicalId\":55495,\"journal\":{\"name\":\"Applied Stochastic Models in Business and Industry\",\"volume\":\"40 6\",\"pages\":\"1712-1733\"},\"PeriodicalIF\":1.3000,\"publicationDate\":\"2024-10-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Applied Stochastic Models in Business and Industry\",\"FirstCategoryId\":\"100\",\"ListUrlMain\":\"https://onlinelibrary.wiley.com/doi/10.1002/asmb.2896\",\"RegionNum\":4,\"RegionCategory\":\"数学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"MATHEMATICS, INTERDISCIPLINARY APPLICATIONS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Applied Stochastic Models in Business and Industry","FirstCategoryId":"100","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/asmb.2896","RegionNum":4,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"MATHEMATICS, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}
引用次数: 0
摘要
网络风险已经成为越来越依赖于新的和现有的信息技术(IT)的企业的重大威胁。在不同行业和部门的各种业务中,原则上,不同的IT网络体系结构模式(例如客户机-服务器网络体系结构)可能会使共享该模式的那些业务暴露于类似的网络风险中。这就是为什么在本文中,我们提出了一个概率结构框架,用于在具有K $$ K $$不同客户端类型的客户端-服务器网络架构类上对网络风险进行损失评估。据我们所知,在这种情况下,还没有网络风险总损失分布的理论模型。通过损失的精确均值和方差,我们展示了企业IT网络不断变化的网络安全环境如何影响损失分布。此外,我们的框架为客户端-服务器网络上的网络安全保护提供了更好的投资策略。在跨行业网络攻击的推动下,我们将我们的框架应用于利用客户机-服务器网络体系结构的四个案例研究。我们的第一个应用是医疗保健领域的植入式医疗设备。我们的第二个应用是智能建筑领域。第三,我们提出了一个乘车共享服务的应用程序,如优步和Lyft。四是车对车合作在交通管理中的应用。结果是由各种网络安全参数参数化的网络风险损失分布的相应精确均值和方差,可用于网络安全保护投资的责任评估和决策。
Framework for Cyber Risk Loss Distribution of Client-Server Networks: A Bond Percolation Model and Industry Specific Case Studies
Cyber risk has emerged as a significant threat to businesses that have increasingly relied on new and existing information technologies (IT). Across various businesses in different industries and sectors, a distinct pattern of IT network architectures, such as the client-server network architecture, may, in principle, expose those businesses, which share it, to similar cyber risks. That is why in this article, we propose a probabilistic structural framework for loss assessments of cyber risks on the class of client-server network architectures with different client types. To our knowledge, there exist no theoretical models of an aggregate loss distribution for cyber risk in this setting. With this structural framework via the exact mean and variance of losses, we demonstrate how the changing cybersecurity environment of a business's IT network impacts the loss distribution. Furthermore, our framework provides insights into better investment strategies for cybersecurity protection on the client-server network. Motivated by cyberattacks across industries, we apply our framework to four case studies that utilize the client-server network architecture. Our first application is implantable medical devices in healthcare. Our second application is the smart buildings domain. Third, we present an application for ride-sharing services such as Uber and Lyft. The fourth is the application of vehicle-to-vehicle cooperation in traffic management. The results are corresponding exact means and variances of cyber risk loss distributions parameterized by various cybersecurity parameters allowing for liability assessments and decisions in cybersecurity protection investments.
期刊介绍:
ASMBI - Applied Stochastic Models in Business and Industry (formerly Applied Stochastic Models and Data Analysis) was first published in 1985, publishing contributions in the interface between stochastic modelling, data analysis and their applications in business, finance, insurance, management and production. In 2007 ASMBI became the official journal of the International Society for Business and Industrial Statistics (www.isbis.org). The main objective is to publish papers, both technical and practical, presenting new results which solve real-life problems or have great potential in doing so. Mathematical rigour, innovative stochastic modelling and sound applications are the key ingredients of papers to be published, after a very selective review process.
The journal is very open to new ideas, like Data Science and Big Data stemming from problems in business and industry or uncertainty quantification in engineering, as well as more traditional ones, like reliability, quality control, design of experiments, managerial processes, supply chains and inventories, insurance, econometrics, financial modelling (provided the papers are related to real problems). The journal is interested also in papers addressing the effects of business and industrial decisions on the environment, healthcare, social life. State-of-the art computational methods are very welcome as well, when combined with sound applications and innovative models.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
