A cybersecurity risk assessment

  • 1 Nikola Vaptsarov Naval Academy, Varna, Bulgaria


The main purpose of this paper is to offer a data-driven approach to assess cyber risk and to ensure appropriate confidentiality, integrity, and availability. A study presents the decision hierarchical model of cyber security risk assessment based on AHP methodology and describes a quantitative measure for evaluating and ranking security incidents. It can be used to conduct cost-benefit analysis, design and optimize cybersecurity in the systems.



  1. Biener, C. ,M. Eling, and J. H. Wirfs, ―Insurability of cyber risk: an empirical analysis,‖ The Geneva Papers on Risk and Insurance—Issues and Practice, vol. 40, no. 1, pp. 131–158, 2015.
  2. Ishizaka A., P. Nemery, Multi-criteria decision analysis methods and software, Chichester: John Wiley and Sons, (2013).
  3. Mardani A., A. Jusoh, K. Nor, Z. Khalifah, N. Zakwan, A. Valipour, Multiple criteria decision-making techniques and their applications – a review of the literature from 2000 to 2014, Economic Research-Ekonomska Istraživanja, 2015.
  4. Muhammad N., N. Cavus. Fuzzy DEMATEL method for identifying LMS evaluation criteria. 9th International Conference on Theory and application of Soft Computing, Computing with Words and Perception, 2017.
  5. Naumov S. and I. Kabanov, ―Dynamic framework for assessing cyber security risks in a changing environment,‖ in Proceedings of the 2016 International Conference on Information Science and Communications Technologies (ICISCT), pp. 1–4, Tashkent, Uzbekistan, November 2016.
  6. Petrova V., Using the Analytic Hierarchy Process for LMS selection, CompSysTech '19: 20th International Conference on Computer Systems and Technologies, June 2019, Ruse, Bulgaria, Pages 332–336, ISBN: 978-1-4503-7149-0.
  7. Rot, A., ―IT risk assessment: quantitative and qualitative approach,‖ in Proceedings of the World Congress on Engineering and Computer Science 2008 (WCECS 2008), San Francisco, CA, USA, October 2008.
  8. Saaty, T.L., 1980. The Analytic Hierarchy Process. McGraw-Hill, New York.
  9. Saaty T., Theory and Applications of the Analytic Network Process, RWS Publications, 2005.
  10. Saaty T., L. Vargas, Models, methods, concepts, and application of the analytic hierarchy process, New York: Springer, 2012.
  11. Sum, R., Risk Prioritisation Using The Analytic Hierarchy Process. Innovation and Analytics Conference and Exhibition (IACE 2015)AIP Conf. Proc. 1691, 030028-1–030028-8; doi: 10.1063/1.4937047
  12. Ugur Aksu M., M. Hadi Dilek, E. Islam Tatli et al., ―A quantitative CVSS-based cyber security risk assessment methodology for IT systems,‖ in Proceedings of the 2017 International Carnahan Conference on Security Technology, pp. 1– 8, ICCST, Madrid, Spain, October 2017.

Article full text

Download PDF