Information and communication technologies (ICT) have over the decades brought significant benefits to enterprises, individuals, and society as a whole. This is clearly evident when considering the wide and profound impact of the Internet in a great many parts of our daily lives. The internet, and more broadly cyberspace, has become a cornerstone for a broad range of services and activities that today we take for granted, yet our daily lives, fundamental rights, economies and social security depend on ICT working seamlessly.

At the same time, cyberspace has introduced, and continues to introduce, numerous new threats and vulnerabilities. Organisations from many different sectors are increasingly exposed to cyber security incidents of many different kinds and degrees of severity. These include information theft, disruption of services, privacy and identity abuse, fraud, espionage, and sabotage. At a larger scale, societies are threatened by possible attacks on critical infrastructures via cyberspace, as well as the potential for cyber-terrorism and even cyber-warfare.

To ensure a satisfactory level of cyber security, organisations need to understand the nature of cyber risk, how it differs from other kinds of risks and what methods and tools they need for cyber-risk management. Cyber-risk Management, published by Springer (2015), gives a short introduction to risk management, focusing on cyber security and cyber-risk assessment. It explains the underlying terminology and the processes of risk management. It provides guidance and hands-on examples on how to conduct cyber-risk assessment in practice.

Cyber-Risk Management, Springer Briefs in Computer Science, 2015

Authors: Atle Refsdal, Bjornar Solhaug and Ketil Stolen