search menu icon-carat-right cmu-wordmark

Loss Magnitude Estimation in Support of Business Impact Analysis

Technical Report
The authors describe a project to develop an estimation method that yields greater confidence in and improved ranges for estimates of potential cyber loss magnitude.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2020-TR-008
DOI (Digital Object Identifier)
10.1184/R1/13042955

Abstract

This report describes the initial results of a research project to develop a transparent estimation method. This method leads to greater confidence in and improved ranges for estimates of potential cyber loss magnitude. The project team refined the Cybersecurity & Infrastructure Security Agency, Office of the Chief Economist (CISA OCE) Business Impact Analysis (BIA) method to support this estimation approach, including identifying factors and forming questions to ask stakeholders to elicit input for the loss magnitude estimation process. The project team also characterized the context for using factor tree analysis to produce an executable model in support of the refined BIA method since it can be applied to future cybersecurity assessments.

Cite This Technical Report

Kambic, D., Moore, A., Tobar, D., & Tucker, B. (2020, December 15). Loss Magnitude Estimation in Support of Business Impact Analysis. (Technical Report CMU/SEI-2020-TR-008). Retrieved November 30, 2023, from https://doi.org/10.1184/R1/13042955.

@techreport{kambic_2020,
author={Kambic, Daniel and Moore, Andrew and Tobar, David and Tucker, Brett},
title={Loss Magnitude Estimation in Support of Business Impact Analysis},
month={Dec},
year={2020},
number={CMU/SEI-2020-TR-008},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/13042955},
note={Accessed: 2023-Nov-30}
}

Kambic, Daniel, Andrew Moore, David Tobar, and Brett Tucker. "Loss Magnitude Estimation in Support of Business Impact Analysis." (CMU/SEI-2020-TR-008). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, December 15, 2020. https://doi.org/10.1184/R1/13042955.

D. Kambic, A. Moore, D. Tobar, and B. Tucker, "Loss Magnitude Estimation in Support of Business Impact Analysis," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2020-TR-008, 15-Dec-2020 [Online]. Available: https://doi.org/10.1184/R1/13042955. [Accessed: 30-Nov-2023].

Kambic, Daniel, Andrew Moore, David Tobar, and Brett Tucker. "Loss Magnitude Estimation in Support of Business Impact Analysis." (Technical Report CMU/SEI-2020-TR-008). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 15 Dec. 2020. https://doi.org/10.1184/R1/13042955. Accessed 30 Nov. 2023.

Kambic, Daniel; Moore, Andrew; Tobar, David; & Tucker, Brett. Loss Magnitude Estimation in Support of Business Impact Analysis. CMU/SEI-2020-TR-008. Software Engineering Institute. 2020. https://doi.org/10.1184/R1/13042955