Loss Magnitude Estimation in Support of Business Impact Analysis
• Technical Report
Publisher
Software Engineering Institute
CMU/SEI Report Number
CMU/SEI-2020-TR-008DOI (Digital Object Identifier)
10.1184/R1/13042955Topic or Tag
Abstract
This report describes the initial results of a research project to develop a transparent estimation method. This method leads to greater confidence in and improved ranges for estimates of potential cyber loss magnitude. The project team refined the Cybersecurity & Infrastructure Security Agency, Office of the Chief Economist (CISA OCE) Business Impact Analysis (BIA) method to support this estimation approach, including identifying factors and forming questions to ask stakeholders to elicit input for the loss magnitude estimation process. The project team also characterized the context for using factor tree analysis to produce an executable model in support of the refined BIA method since it can be applied to future cybersecurity assessments.
Cite This Technical Report
Kambic, D., Moore, A., Tobar, D., & Tucker, B. (2020, December 15). Loss Magnitude Estimation in Support of Business Impact Analysis. (Technical Report CMU/SEI-2020-TR-008). Retrieved November 21, 2024, from https://doi.org/10.1184/R1/13042955.
@techreport{kambic_2020,
author={Kambic, Daniel and Moore, Andrew and Tobar, David and Tucker, Brett},
title={Loss Magnitude Estimation in Support of Business Impact Analysis},
month={{Dec},
year={{2020},
number={{CMU/SEI-2020-TR-008},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/13042955},
note={Accessed: 2024-Nov-21}
}
Kambic, Daniel, Andrew Moore, David Tobar, and Brett Tucker. "Loss Magnitude Estimation in Support of Business Impact Analysis." (CMU/SEI-2020-TR-008). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, December 15, 2020. https://doi.org/10.1184/R1/13042955.
D. Kambic, A. Moore, D. Tobar, and B. Tucker, "Loss Magnitude Estimation in Support of Business Impact Analysis," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2020-TR-008, 15-Dec-2020 [Online]. Available: https://doi.org/10.1184/R1/13042955. [Accessed: 21-Nov-2024].
Kambic, Daniel, Andrew Moore, David Tobar, and Brett Tucker. "Loss Magnitude Estimation in Support of Business Impact Analysis." (Technical Report CMU/SEI-2020-TR-008). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 15 Dec. 2020. https://doi.org/10.1184/R1/13042955. Accessed 21 Nov. 2024.
Kambic, Daniel; Moore, Andrew; Tobar, David; & Tucker, Brett. Loss Magnitude Estimation in Support of Business Impact Analysis. CMU/SEI-2020-TR-008. Software Engineering Institute. 2020. https://doi.org/10.1184/R1/13042955