The field of cyber risks is rapidly expanding, yet significant research remains to be conducted. Numerous taxonomy-based systems have been proposed in both the academic literature and industrial practice to classify cyber risk threats. However, the fragmentation of various approaches has resulted in a plethora of taxonomies, often incongruent with one another. In this study, we undertake a comprehensive review of these alternative taxonomies and offer a common framework for their classification based on their scope. Furthermore, we introduce desirable properties of a taxonomy, which enable comparisons of different taxonomies with the same scope. Finally, we discuss the managerial implications stemming from the utilization of each taxonomy class to support decision-making processes.
A taxonomy of cyber risk taxonomies
Khorrami Chokami A.;
2024-01-01
Abstract
The field of cyber risks is rapidly expanding, yet significant research remains to be conducted. Numerous taxonomy-based systems have been proposed in both the academic literature and industrial practice to classify cyber risk threats. However, the fragmentation of various approaches has resulted in a plethora of taxonomies, often incongruent with one another. In this study, we undertake a comprehensive review of these alternative taxonomies and offer a common framework for their classification based on their scope. Furthermore, we introduce desirable properties of a taxonomy, which enable comparisons of different taxonomies with the same scope. Finally, we discuss the managerial implications stemming from the utilization of each taxonomy class to support decision-making processes.File | Dimensione | Formato | |
---|---|---|---|
2024_Rabitti_KC_Coyle_Cohen.pdf
accesso aperto
Tipologia:
versione post-print
Dimensione
133.62 kB
Formato
Adobe PDF
|
133.62 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.