Cyber-Risk Management

Atle Refsdal is a senior research scientist at SINTEF ICT in Norway, where he is involved in international as well as national research projects. His research interests include formal specification and analysis, as well as model-based risk analysis. In addition to his academic background he also has several years of industrial experience from the fields of knowledge engineering and industrial automation.Ketil Stølen has broad experience from basic research as well as applied research. He has led the development of the CORAS method since the very beginning and was the technical manager of the related EU-project. Since then, he has led several research projects funded by the Research Council of Norway which considerably refined and extended the original CORAS approach. A book on the CORAS method supported by a free tool was published in 2011.Bjørnar Solhaug is a senior research scientist at SINTEF ICT in Norway. His research interests include risk and security management, threat and risk modelling, and formal/semi-formal techniques. He is one of the co-authors of the book on the CORAS approach to model-driven risk analysis (Springer 2011).

• 1 Introduction.- Part I Conceptual Introduction.- 2 Risk Management.- 3 Cyber-systems.- 4 Cybersecurity.- 5 Cyber-risk Management.- Part II Cyber-risk Assessment Exemplified.- 6 Context Establishment.- 7 Risk Identification.- 8 Risk Analysis.- 9 Risk Evaluation.- 10 Risk Treatment.- Part III Known Challenges and How to Address Them in Practice.- 11 Which Measure of Risk Level to Use?- 12 What Scales Are Best Suited Under What Conditions?- 13 How to Deal with Uncertainty?- 14 High-consequence Risk with Low Likelihood.- 15 Conclusion.- Glossary.- References.- Index.