A very crucial issue when dealing with the use of statistical and machine learning methods in Fintech applications is the construction of predictive accuracy diagnostics able to mitigate the risk of taking wrong actions. The motivation of our proposal is to further develop a more general measure, based on the distance between the observed response variable values and the same observed values ranked according to the corresponding values predicted by a given model. The measure, that we call Rank Graduation index (RG), can be used regardless of the nature of the response variable and is found quite effective in its application to cyber risk measurement. The main problem that arises in cyber risk measurement is indeed the lack of data, as the victims are not very willing to disclose such data. However, while the original continuous loss data may not be available, ordinal data that organise the observed loss frequency into severity classes may be so. This requires using ordinal data modeling techniques and, in particular, to rank the severity levels according to their level of importance. In the paper we propose an extension of the RG index to the ordinal context and, therefore, suggest a general way to prioritise cyber risks that is a function of their ranks. The proposed measure is validated through a real application that concerns cyber risk data collected at the worldwide level, classified by type of attack, victim and country of occurrence.
A rank-based measure to prioritise cyber risks / E. Raffinetti, P. Giudici. ((Intervento presentato al 30. convegno EURO : European Conference on operational research tenutosi a Dublin nel 2019.
A rank-based measure to prioritise cyber risks
E. Raffinetti
;
2019
Abstract
A very crucial issue when dealing with the use of statistical and machine learning methods in Fintech applications is the construction of predictive accuracy diagnostics able to mitigate the risk of taking wrong actions. The motivation of our proposal is to further develop a more general measure, based on the distance between the observed response variable values and the same observed values ranked according to the corresponding values predicted by a given model. The measure, that we call Rank Graduation index (RG), can be used regardless of the nature of the response variable and is found quite effective in its application to cyber risk measurement. The main problem that arises in cyber risk measurement is indeed the lack of data, as the victims are not very willing to disclose such data. However, while the original continuous loss data may not be available, ordinal data that organise the observed loss frequency into severity classes may be so. This requires using ordinal data modeling techniques and, in particular, to rank the severity levels according to their level of importance. In the paper we propose an extension of the RG index to the ordinal context and, therefore, suggest a general way to prioritise cyber risks that is a function of their ranks. The proposed measure is validated through a real application that concerns cyber risk data collected at the worldwide level, classified by type of attack, victim and country of occurrence.
| File | Dimensione | Formato | |
|---|---|---|---|
|
Abstract_EURO_2019.pdf
accesso aperto
Tipologia:
Post-print, accepted manuscript ecc. (versione accettata dall'editore)
Dimensione
106.82 kB
Formato
Adobe PDF
|
106.82 kB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
