Rabitti Giovanni, Khorrami Chokami Amir, Coyle Patrick, Cohen Ruben D
Department of Actuarial Mathematics and Statistics, Heriot-Watt University and Maxwell Institute for Mathematical Sciences, Edinburgh, UK.
Department of Mathematics and Computer Science, Università di Cagliari, Cagliari, Italy.
Risk Anal. 2025 Feb;45(2):376-386. doi: 10.1111/risa.16629. Epub 2024 Aug 2.
The field of cyber risks is rapidly expanding, yet significant research remains to be conducted. Numerous taxonomy-based systems have been proposed in both the academic literature and industrial practice to classify cyber risk threats. However, the fragmentation of various approaches has resulted in a plethora of taxonomies, often incongruent with one another. In this study, we undertake a comprehensive review of these alternative taxonomies and offer a common framework for their classification based on their scope. Furthermore, we introduce desirable properties of a taxonomy, which enable comparisons of different taxonomies with the same scope. Finally, we discuss the managerial implications stemming from the utilization of each taxonomy class to support decision-making processes.