Article in ssrn electronic Journal · July 015 doi: 10. 2139/ssrn. 2634590 citations 32 reads 1,108 author: Some of the authors of this publication are also working on these related projects

Download 1,22 Mb.

Pdf ko'rish

bet	9/39
Sana	14.06.2022
Hajmi	1,22 Mb.
	#670202

1 ... 5 6 7 8 9 10 11 12 ... 39

Bog'liq
Jardineglobalcyberspaceissaferthanyouthink

THE SECURITY OF CYBERSPACE:
VECTORS, OCCURRENCE AND
DAMAGE
The security of cyberspace can be conceptualized best from
a user’s perspective, broadly defined. A secure cyberspace
is one in which a user can make use of the Internet without
an unreasonable fear of suffering a high cost, with cost
being defined in some combination of reputational,
monetary and rights violations terms. An insecure
cyberspace environment is the opposite, or basically one
in which using the Internet is likely to impose a large cost
upon the user. This section outlines how to operationalize
the level of security in cyberspace by looking at the
available vectors for attack, the occurrence of online cyber
attacks and the costs of successful attacks. Together, these
three categories give a sense of how insecure cyberspace is
for an individual user.
Many aspects of the security of cyberspace are worsening
over time, but many others are actually remaining fairly
static year over year. In the odd case, a given indicator is
actually improving. These measures of the insecurity of
cyberspace are akin to the crime rate in a city or country. If
they are increasingly slower than the population, staying
the same size as the population grows, or improving as the
population increases, the common result is an improved
crime rate.

GLOBAL COMMISSION ON INTERNET GOVERNANCE PAPER SERIES: NO. 16 — JuLy 2015
6 • CENTRE FOR INTERNATIONAL GOVERNANCE INNOVATION • CHATHAM HOuSE
This conceptualization of the security of cyberspace can be
expressed as a function of three factors:
• the vectors available for cyber attack;
• the occurrence of cyber attacks; and
• the damage caused by successful cyber attacks.
Together, these three factors determine how secure
cyberspace is for an individual user. For instance, when
the vectors of attack are few, cyber attacks are harder to
effectively launch, making the cyberspace environment
more secure. When the number of attacks is low, the
probability that a user will be subject to a cyber attack
is less, again making cyberspace more secure. Likewise,
when the damage caused by a successful attack is low,
the cost of a successful cybercrime for an individual is
less severe, meaning the environment is less threatening
overall. In every case, as the vectors, occurrence or damage
of cyber attacks goes up, the overall security of cyberspace
from a user’s perceptive goes down.
This paper operationalizes the concept of the vectors of
cyber attack via the following measures:
• new vulnerabilities;
• malicious web domains;
• zero-day vulnerabilities;
• new browser vulnerabilities; and
• mobile vulnerabilities.
The concept of the number of attacks are operationalized
via:
• botnets; and
• recorded web-based attacks.
And the concept of the damage of attacks are
operationalized via:
• average cost per data breach;
• overall organizational cost from data breaches;
• the cost of detecting a data breach and escalating;
• post-breach reaction costs;
• lost business costs; and
• victim notification costs.
Table 2 presents some basic summary statistics on the
various indicators of the insecurity of cyberspace.

Download 1,22 Mb.

Do'stlaringiz bilan baham:

1 ... 5 6 7 8 9 10 11 12 ... 39