Misbehaving: Expected Utility Versus the Behavioral Reality of Cyber Standards

If there were to be a core premise of organizational cybersecurity it would be the reduction of risk, specifically cyber risk. The unifying theory for such a premise might state that organizations choose risk reduction strategies through optimization. That is, choosing the optimal risk reduction strategy given organizational constraints, such as budget, staffing, regulatory requirements, etc.

Powered by WordPress.com.

Up ↑