If You Cant Measure It You Cant Manage








- Slides: 8

If You Can’t Measure It, You Can’t Manage It: Cybersecurity Risk Measurement Through Textual Imagification Arion Cheong Soohyun Cho Won Gyun No Miklos A. Vasarhelyi

Objective “ … include the use of user data in a manner inconsistent with our terms, contracts or policies, the existence of false or undesirable user accounts, election interference, improper ad purchases, activities that threaten people’s safety on- or offline, or instances of spamming, scraping, or spreading misinformation … ” Facebook 10 -Q Item 1 A(2018) CIST 2018 Quantitative Cybersecurity Risk Metric

Objective Imagify DNA Sequence Entity: Human Subject of Analysis: Prob (Cancer) + Race, Sex, Age FDA-GOOGLE DEEPVARIANT Imagify Cybersecurity Risk Topics Entity: Company Subject of Analysis: Cybersecurity Risk Metric Cybersecurity Risk Disclosures CIST 2018 + Industry

Risk Topic Classification Every US Public Firms Risk Topics CS Risk Disclosure Database Security Topic Centroid Database Amazon Server Spyware CIST 2018 Control

Multicollinearity Access Control < DB Security > Privacy Data < Overall Cybersecurity Score 825 out of 1000 ? 739 out of 1000 Regression Analysis ? CIST 2018

Textual Imagification SIC: 5961 (Retail-Catalog & Mail-Order Houses) 2013: Retail 2014: Platform 2015: Cloud Service Target Twitter Alphabet e. Bay Adobe Walmart Apple Microsoft CIST 2018 Amazon’s Cybersecurity Risk Image

Cybersecurity Risk Score Imagify DNA Sequence Normal Autoencoder Individual Images of Non-breached Firms Normality Prob (Cancer) Amazon CIST 2018 Cybersecurity Risk Metric

Thank You! Visit our Platform CIST 2018
If you can't measure it you cannot improve it
You can t manage what you don t measure
If you cannot measure it you cannot manage it
You cant manage what you dont measure
What you can't measure you can't manage
Is measure for measure a comedy
Air temperature
If you can t beat them join them
Can't have one without the other