Dynamic Modeling of Cybersecurity Threats at Essential Ambiguities

Abstract

The recent research in cybersecurity, particularly in cybersecurity threats modeling, shows that threats to an organization’s information systems are considered as a probability measure, meanwhile cybersecurity threats are stochastic by their nature and thus, a dynamic approach is needed for proper modeling. Among the most frequently cited approaches on assessing investments in cybersecurity found in recent studies is the Gordon and Loeb investment model. In this model, it is assumed that there is a single threat to an information system and accordingly, the cybersecurity threat is presented as the probability of an attempted breach of the given information system. In this model, threat is considered as static, which does not address the dynamic nature of cybersecurity investments. In this article, given the complex and stochastic nature of cybersecurity threats and the high level of uncertainty in cyber environment, cybersecurity threats are modeled as stochastic processes under ambiguity by using the Brownian motions. It is shown, that modeling cybersecurity threats through Brownian motions effectively captures the dynamic nature of cybersecurity threats at essential ambiguities.