Dynamic framework for assessing cyber security risks in a changing environment

Cyber risk assessment frameworks aim at addressing a challenging problem that public and commercial organizations and nations embrace today - a proper estimation of likelihood of cyber-related risks and assessment of their potential impact on an enterprise. However, current frameworks fail at adapting to changes which happen in dynamically shifting environments and keep organizations blind to new possible threats. These threats may occur because of different changes happening internally or externally of the organization. For example, the global presence or digital footprint of the organization can significantly increase the exposure of an organization to cyber threats. Therefore, practitioners need new instruments which can be used to advise enterprises when and how their risk assessment methods and processes should be adjusted in order to stay relevant in a rapidly changing environment. In this work, the authors propose and validate a new method of applying a system dynamics approach for designing a dynamic risk assessment framework and introduce areas of future work.