Intentional Risk and Cyber-Security: A Motivating Introduction

Protecting digital assets has become increasingly difficult. For cyber-attackers, a successful infiltration will grant them valuable stolen assets or confer them beneficial strategic advantages. The main driver to assess the risk of a cyber-attack is the expected profit or benefit that the attacker will gain out of it. Two theoretical elements configure the pillars for a suitable high-level mathematical cyber-security model. On one hand, Game Theory, based on the stability analysis of the John Nash equilibrium Intentionality management and, on the other hand, Complex Network Theory (structure and dynamics) that provides a physical and logical structure where the game is played. The aim of this book is to present this cyber-risk management methodology and tools together with the scientific, mathematical and theoretical basis to support it. We present this management methodology by introducing the concept of intentionality as the backbone of cyber-risk management. This will allow information security professionals to better decision-making through real-time scenario analysis.