A Systematic Approach for Cybersecurity Risk Management

Chen, Kristin YiJie

Author(s)

Chen, Kristin YiJie

DownloadThesis PDF (5.246Mb)

Advisor

Siegel, Michael D.

Terms of use

In Copyright - Educational Use Permitted Copyright MIT http://rightsstatements.org/page/InC-EDU/1.0/

Metadata

Show full item record

Abstract

In the last few years, the concern over cybersecurity has grown dramatically. With all the existing, and sometimes competing, guidelines and frameworks intended to inform cyber risk strategies, organizations face the problem of deciding which is right for them. To resolve the confusion, this research proposes a practical and effective model that can be used by organizations of any size or in any industry for cyber risk management. We propose a Cyber Risk Cube (CRC) tool designed to be practical for all parts of an organization, which examines three fundamental pairings for looking at cyber risk: Internal/External, Measurement/Management, and Qualitative/Quantitative. The CRC tool can be used as a common language for sharing ideas and solutions to cyber risk management. Ultimately, the CRC provides details for implementing solutions to managing cyber risks in a concise and standardized manner.

Date issued

2021-09

URI

https://hdl.handle.net/1721.1/139995

Department

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science; System Design and Management Program.; System Design and Management Program.

Publisher

Massachusetts Institute of Technology

Collections

Graduate Theses