Skip to Main content Skip to Navigation

Data-driven risk quantification for proactive security

Abstract : The feasibility and efficacy of proactive measures depend upon a cascading of challenges: how can one quantify the cyber risks of a given entity, what reliable indicators can be used to predict them, and from which data sources can they be extracted? In this thesis, we enumerate active challenges that practitioners and researchers face when attempting to quantify cyber-risks and contextualise them in the emerging domain of cyber insurance, and propose several research directions. We then explore some of these areas, evaluate the incidence that different security measures and security postures have on malware-infection risks and assess the goodness of nine host- extracted indicators when investigating the systematic nature of those risks. We finally provide evidence about the importance that data-source selection together with a holistic approach have on risk measurements. We look at web-tracking and demonstrate how underestimated privacy risks are when excluding the users' perspective.
Document type :
Complete list of metadata
Contributor : ABES STAR :  Contact
Submitted on : Wednesday, February 16, 2022 - 12:42:07 PM
Last modification on : Friday, February 18, 2022 - 10:16:34 AM
Long-term archiving on: : Tuesday, May 17, 2022 - 6:36:15 PM


Version validated by the jury (STAR)


  • HAL Id : tel-03576863, version 1


Savino Dambra. Data-driven risk quantification for proactive security. Cryptography and Security [cs.CR]. Sorbonne Université, 2021. English. ⟨NNT : 2021SORUS356⟩. ⟨tel-03576863⟩



Record views


Files downloads