Assessing and Forecasting Cybersecurity Impacts

Published Online: https://doi.org/10.1287/deca.2020.0418

References

  • Acquisti A, Leslie KJ, Loewenstein G (2013) What is privacy worth? J. Legal Stud. 42(2):249–274.
  • Andress J, Winterfeld S (2013) Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners (Elsevier, New York).
  • Bagchi A, Bandyopadhyay T (2018) Role of intelligence inputs in defending against cyber warfare and cyberterrorism. Decision Anal. 15(3):174–193.
  • Brewster T (2018) This guy hacked hundreds of planes from the ground. Forbes (August 9), https://www.forbes.com/sites/thomasbrewster/2018/08/09/this-guy-hacked-hundreds-of-planes-from-the-ground/#21804f4946f2.
  • British Standards Institution (2007) BS 25999-2:2007 Specification for Business Continuity Management (British Standards Institution, London).
  • Brown S, Hillegeist SA, Lo K (2004) Management Forecasts and Litigation Risk (Elsevier, Amsterdam).
  • Brownlow S, Watson S (1987) Structuring multi-attribute value hierarchies. J. Oper. Res. Soc. 38(4):309–317.
  • Carpenter DP, Krause GA (2011) Reputation and public administration. Public Admin. Rev. 72(1):26–32.
  • Cooke RM (1991) Experts in Uncertainty: Opinion and Subjective Probability in Science (Oxford University Press, Oxford, UK).
  • Cooke RM, Bedford T (2001) Probabilistic Risk Analysis: Foundations and Methods (Cambridge University Press, Cambridge, UK).
  • Couce A, Rios Insua D, Koutalieris G, Chatgiannakis V (2019) Decision support systems for cybersecurity risk management and cyber insurance. Accessed August 15, 2019, https://www.cybeco.eu/images/items/CYBECO-D3.2_Improved%20Modelling%20framework%20for%20cyber%20risk%20management_v2.0.pdf.
  • Dias LC, Morton A, Quigley J (2018) Elicitation: State of the Art and Science (Springer, New York).
  • Dyer J, Sarin R (1979) Group preference aggregation rules based on strength of preference. Management Sci. 25(9):822–832.
  • Dyer J, Sarin R (1982) Relative risk aversion. Management Sci. 28(8):875–886.
  • Eling M, Wirfs J (2019) What are the actual costs of cyber risk events. Eur. J. Oper. Res. 272:1109–1119.
  • ENISA (2007) Information package for SMEs with examples of risk assessment/risk management for two SMEs. Accessed August 15, 2019, https://www.enisa.europa.eu/publications/information-package-for-smes/at_download/fullReport.
  • ENISA (2010) IT business continuity management—An approach for small medium sized organisations. Accessed September 24, 2020, https://www.enisa.europa.eu/publications/business-continuity-for-smes/at_download/fullReport.
  • European Commission (2017) Commission Decision (EU) 2017/2285 of December 6, 2017 Amending the User's Guide Setting Out the Steps Needed to Participate in EMAS, under Regulation (EC) No 1221/2009 of the European Parliament and of the Council on the Voluntary Participation by Organizations in a Community Eco-Management and Audit Scheme (EMAS). Legislation, Publications Office of the European Union, Luxembourg.
  • European Food Safety Authority (2017) EFSA guidance document for predicting environmental concentrations of active substances of plant protection products and transformation products of these active substances in soil. EFSA Journal 13(4):4093.
  • European Organisation for the Safety of Air Navigation (2013) Annual report. Report, European Organisation for the Safety of Air Navigation (EUROCONTROL), Brussels, Belgium.
  • European Parliament (2016) Regulation (EU) 2016/679 of the European Parliament and the Council of April 27, 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation). Legislation, Publications Office of the European Union, Luxembourg.
  • Farquhar PH (1984) State of the art—Utility assessment methods. Management Sci. 30(11):1283–1300.
  • Fjeld R, Eisenberg N, Compton K (2007) Quantitative Environmental Risk Analysis for Human Health (Wiley, New York).
  • Fombrun CJ (2012) The building blocks of corporate reputation: Definitions, antecedents, consequences. Barnett ML, Pollock TG, eds. The Oxford Handbook of Corporate Reputation (Oxford University Press, Oxford, UK), 94–113.
  • French S, Ríos Insua D (2000) Statistical Decision Theory (Wiley, New York).
  • Fu K, Blum J (2013) Controlling for cybersecurity risks of medical device software. Comm. ACM 56(10):35–37.
  • Godel M, Landzaat W, Suter J (2017) Research and analysis to quantify the benefits arising from personal data rights under the GDPR. Report, Department for Culture, Media & Sport, London, UK.
  • Hann Ih, Kai-Lung H, Sang-Yong TL, Ivan PLP (2007) Overcoming information privacy concerns: An information processing theory approach. J. Management Informs. Systems 24:13–42.
  • Hasler RM, Kehl C, Exadaktylos AK, Albrecht R, Dubler S, Greif R, Urwyler N (2012) Accuracy of prehospital diagnosis and triage of a Swiss helicopter emergency medical service. J. Trauma Acute Care Surgery 73(3):709–715.
  • Hellweg S, Milá i Canals L (2014) Emerging approaches, challenges and opportunities in life cycle assessment. Science 344(6188):1109–1113.
  • Hubbard DW, Seiersen R (2016) How to Measure Anything in Cybersecurity Risk (Wiley, New York).
  • Industry Specification Group (2015) ETSI GS ISI 002 V1.1.1 information security indicators (ISI); event model, a security event classification model and taxonomy Annex B1.8—With what kind of impact. European Telecommunications Standards Institute, Sophia Antipolis, France.
  • Ireland Environmental Protection Agency (2010) Guidance to licensees/COA holders on the notification. Management and Communication of Environmental Incidents. Report, Office of Environmental Enforcement, Wexford, Ireland.
  • ISO (2014) ISO 55000:2014—Asset management—Overview. Principles and terminology. Report, International Organization for Standardization, Geneva, Switzerland.
  • ISO (2015a) ISO 19770-5:2015—IT asset management—Overview and vocabulary—Part 5. Report, International Organization for Standardization, Geneva, Switzerland.
  • ISO (2015b) Societal Security—Business Continuity Management Systems—Guidelines for Business Impact Analysis. Report, International Organization for Standardization, Geneva, Switzerland.
  • Jensen M, Roy A (2008) Staging exchange partner choices: When do status and reputation matter? Acad. Management J. 51(3):495–516.
  • Jensen M, Kim H, Kim BK (2012) Meeting expectations: A role-theoretic perspective on reputation. Barnett ML, Pollock TG, eds. The Oxford Handbook of Corporate Reputation (Oxford University Press, Oxford, UK), 140–159.
  • Keeney R (1992) Value Focused Thinking (Harvard University Press, Cambridge, MA).
  • Keeney R (2007a) Developing objectives and attributes. Edwards W, Miles RF Jr, von Winterfeldt D, eds. Advances in Decision Analysis: From Foundations to Applications (Cambridge University Press, Cambridge, UK).
  • Keeney R (2007b) Modeling values for anti-terrorism analysis. Risk Anal. 27(3):585–596.
  • Keeney R, Gregory R (2005) Selecting attributes to measure the achievement of objectives. Oper. Res. 53:1–11.
  • Keeney R, von Winterfeldt D (2011) A value model for evaluation homeland security decisions. Risk Anal. 31(9):1470–1487.
  • Krutz R, Vines R (2004) The CISSP Prep Guide (Wiley, New York).
  • Kurtz C, Semmann M, Schulz W (2018) Toward a framework for information privacy in complex service ecosystems. 39th Internat. Conf. Inform. Systems (Association for Information Systems, San Francisco, CA).
  • Lee JA, Liu CU (2012) Forbidden city enclosed by the great firewall: The law and power of Internet filtering in China. Minnesota J. Law Sci. Tech. 13(1):125–151.
  • Liu Y, Sarabi A, Zhang J, Naghizadeh P, Karir M, Bailey M, Liu M (2015) Cloudy with a chance of breach: Forecasting cyber security incidents. 24th USENIX Security Sympos. (The USENIX Association, Berkeley, CA), 1009–1024.
  • Macaulay T, Singer BL (2011) Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS (Auerbach Publications, Abingdon-on-Thames, UK).
  • Magerit (2012) Metodología de Análisis y Gestión de Riesgos de los Sistemas de Información, version 3 (Ministerio de Hacienda y Administraciones Públicas, Madrid).
  • Margulies P (2013) The NSA in global perspective: Surveillance, human rights, and international counterterrorism. Fordham Law Rev. 82(5):2137–2167.
  • Maslow AH (1943) A theory of human motivation. Psych. Rev. 50(4):370–396.
  • Morris D, Oakley J, Crowe J (2014) A web-based tool for eliciting probability distributions from experts. Environ. Model. Software 52:1–4.
  • Mowbray TJ (2013) Cybersecurity: Managing Systems, Conducting Testing, and Investigating Intrusions (Wiley, New York).
  • Musaraj Cousin, K M, Melvin V, Melvin C, Couce A, Rios Insua D, J Vila, et al. (2018) CYBECO Deliverable D4.1 Cyber insurance use cases and scenarios. Accessed March 30, 2018, https://www.cybeco.eu/.
  • OECD (2017) Enhancing the Role of Insurance in Cyber Risk Management (OECD Publishing, Paris).
  • Ortega J, Radovic V, Rios Insua D (2018) Utility elicitation. Dias LC, Morton A, Quigley J, eds. Elicitation: The Science and Art of Structuring Judgement (Springer International Publishing, New York), 241–264.
  • Pala A, Zhuang J (2019) Information sharing in cybersecurity: A review. Decision Anal. 16:157–237.
  • Raggio R, Leone R (2019) Drivers of brand value, estimation of brand value in practice and use of brand valuation: Introduction to the special issue. J. Brand Management 17(1):1–5.
  • Rios Insua D, Alfaro C, Gomez J, Hernandez-Coronado P, Bernal F (2019a) Forecasting and assessing consequences of aviation safety occurrences. Safety Sci. 111:243–252.
  • Rios Insua D, Couce-Vieira A, Rubio JA, Pieters W, Labunets K, Rasines D (2019b) An adversarial risk analysis framework for cybersecurity. Risk Anal., ePub ahead of print June 10, https://doi.org/10.1111/risa.13331.
  • SABSA Institute (2009) The SABSA White Paper (Sherwood Applied Business Security Architecture), Hove, UK.
  • Sarabi A, Naghizadeh P, Liu Y, Liu M (2016) Risky business: Fine-grained data breach prediction using business profiles. J. Cybersecurity 2(1):15–28.
  • Sayfayn N, Madnick S (2017) Cybersafety analysis of the Maroochy shire sewage spill. Working paper, MIT Sloan School of Management, Cambridge, MA.
  • Taeihagh A, Lim HSM (2018) Governing autonomous vehicles: Emerging responses for safety, liability, privacy, cybersecurity, and industry risks. Transportation Rev. 39(1):103–128.
  • The Open Web Application Security Project (2017) The OWASP risk rating methodology. Accessed September 23, 2020, https://owasp.org/www-community/OWASP_Risk_Rating_Methodology#.
  • Torres A, Redondo A, Rios Insua D, Domingo J, Ruggeri F (2020) Expert judgement methods in a supply chain cyber risk management. Hanea AM, Nane GF, Bedford T, French S, eds. Expert Judgement in Risk and Decision Analysis (Springer International Publishing, Cham, Switzerland).
  • UK Department for Environment, Food and Rural Affairs (2006) Environmental key performance indicators reporting guidelines for UK business. (DEFRA, London). Report, Department for Environment, Food and Rural Affairs, London.
  • UK Environment Agency (2006) Incidents and their classification: The Common Incident Classification Scheme (CICS), version 12. Report, Environment Agency, London.
  • UN Human Rights Council (2015) Resolution on the promotion, protection and enjoyment of human rights on the internet. Report, United Nations, Geneva, Switzerland.
  • UN Human Rights Council (2016) Universal Human Rights Index Database. Accessed October 2016, http://uhri.ohchr.org/search/guide.
  • Ustün T, Kostanjsek N, Chatterji S, Rehm J (2010) Measuring health and disability: Manual for WHO disability assessment schedule, WHODAS 2.0. Report, World Health Organization, Geneva, Switzerland.
  • Vacca J (2013) Computer and Information Security Handbook, 2nd ed. (Morgan Kaufmann, Burlington, MA).
  • van Riel CBM, Fombrun CJ (2007) Essentials of Corporate Communication (Routledge, Abingdon, UK).
  • Vandebosch H, van Cleemput K (2008) Defining cyberbullying: A qualitative research into the perceptions of youngsters. Cyberpsych. Behav. 11(4):499–503.
  • Viscusi K, Aldy J (2003) The value of a statistical life: A critical review of market estimates throughout the world. J. Risk Uncertainty 27:5–76.
  • WEF (2020) Global Risks Report (World Economic Forum, Cologny, Switzerland).
  • WHO (2018) International Statistical Classification of Diseases and Related Health Problems, 11th revision (World Health Organization, Geneva).
  • Wiper M, Rios Insua D, Ruggeri F (2001) Mixtures of gamma distributions with applications. J. Comput. Graphic Statist. 10:440–454.