uu.se: Uppsala University Publications
The MaRiQ model: A quantitative approach to risk management
Uppsala University, Disciplinary Domain of Science and Technology, Mathematics and Computer Science, Department of Information Technology, Division of Computing Science.
Uppsala University, Disciplinary Domain of Science and Technology, Mathematics and Computer Science, Department of Information Technology, Computing Science.
2019 (English). Independent thesis, Advanced level (professional degree), 20 credits / 30 HE credits. Student thesis
Abstract [en]

In recent years, cyber attacks and data fraud have become major issues to companies, businesses and nation states alike. The need for more accurate and reliable risk management models is therefore substantial.

Today, cybersecurity risk management is often carried out on a qualitative basis, where risks are evaluated against a predefined set of categories such as low, medium or high. This thesis aims to challenge that practice by presenting a model that quantitatively assesses risks, hence the name MaRiQ (Manage Risks Quantitatively).

MaRiQ was developed based on collected requirements and contemporary literature on quantitative risk management. The model consists of a clearly defined flowchart and a supporting tool created in Excel. To generate scientifically validated results, MaRiQ makes use of a number of statistical techniques and mathematical functions, such as Monte Carlo simulations and probability distributions.

To evaluate whether our developed model really was an improvement compared to current qualitative processes, we conducted a workshop at the end of the project. The organization that tested MaRiQ found the model useful and reported that it fulfilled most of their needs.

Our results indicate that risk management within cybersecurity can and should be performed using more quantitative approaches than is common practice today. Even though there are several potential developments to be made, MaRiQ demonstrates the possible advantages of transitioning from qualitative to quantitative risk management processes.

Place, publisher, year, edition, pages
2019, p. 97
Series
UPTEC STS, ISSN 1650-8319 ; 19017
Keywords [en]
risk management, cyber security, quantitative risk analysis, Monte Carlo simulations
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:uu:diva-385257
OAI: oai:DiVA.org:uu-385257
DiVA, id: diva2:1323684
External cooperation
Nixu Cybersecurity
Educational program
Systems in Technology and Society Programme
Presentation
2019-06-04, Å64119, Lägerhyddsvägen 1, Uppsala, 13:15 (Swedish)
Supervisors
Examiners
Available from: 2019-06-12. Created: 2019-06-12. Last updated: 2019-06-12. Bibliographically approved

Open Access in DiVA

fulltext (2289 kB), 276 downloads
File information
File name: FULLTEXT01.pdf
File size: 2289 kB
Checksum (SHA-512):
a2c5201c0e8f4f45d0a62bcf04ef94bbc6bc33764d93bb34cdeb2841343ff9889d8de7ac7ec95f38a00366fb1b2efa115c8420229c9643991f04cef744cd9c13
Type: fulltext
Mimetype: application/pdf

Total: 276 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 468 hits