Quantitative analysis of cyber risk: how do we best manage it?

Elisabeth Paté-Cornell

Quantitative analysis cyber risk, based on the probability and consequences of different types of attacks, allows rational allocation of risk management resources. I will briefly present the method and five illustrative vignettes, including a statistical analysis of 60,000 cyber incidents (funded by NASA), the optimization of the level of connectivity in a network (illustrated by a smart grid), and of the time lag between updates of the software of an operating system. I will also discuss ongoing work, involving warnings of cyber attacks and the cyber aspects of fake news.