
PhD Thesis
Risk in Cyber Systems and Security Administration
by Dr. Mailwasagan Udaya Jeewan
Research Overview
This dissertation, titled “Risk in Cyber Systems and Security Administration,” explores the challenge of assessing and managing cyber risk in modern organizations, particularly in the context of limited data, uncertainty, and rapidly evolving threats. It highlights that many organizations struggle to make effective cybersecurity investment decisions because traditional approaches rely heavily on qualitative assessments, intuition, or ambiguous tools such as risk matrices. These methods often fail to capture the complexity of cyber threats, leading to inefficient allocation of resources and misjudgment of actual risks.
The study introduces a quantitative framework based on probabilistic risk analysis (PRA), which enables organizations to evaluate cyber risks in measurable terms, particularly financial impact. By modeling different cyber attack scenarios—such as phishing, website attacks, malware infections, and lost devices—and analyzing both their frequency and consequences, the research demonstrates how risk can be systematically quantified. The framework integrates historical incident data with scenario-based analysis and uses Monte Carlo simulation to generate probability distributions of potential losses. This allows decision-makers to better understand uncertainty, compare different security investments, and prioritize safeguards based on their cost-effectiveness.
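The simulation described above can be illustrated in Python. This is an added example, not code or data from the dissertation: the Poisson incident counts, the lognormal loss sizes, every parameter value, and the function names are assumptions made for illustration.

```python
import math
import random

# Constructed scenario parameters (assumptions, not data from the dissertation):
# name -> (mean incidents per year, median loss per incident, lognormal sigma)
SCENARIOS = {
    "phishing":       (6.0,  4_000, 1.0),
    "website_attack": (1.5, 15_000, 0.8),
    "malware":        (3.0,  8_000, 0.9),
    "lost_device":    (4.0,  2_500, 0.6),
}

def poisson(rng, lam):
    """Draw a yearly incident count with Knuth's method (fine for small rates)."""
    limit, count, p = math.exp(-lam), 0, rng.random()
    while p > limit:
        count += 1
        p *= rng.random()
    return count

def simulate_annual_losses(scenarios, years=20_000, seed=1):
    """Return one simulated total loss per year, summed over all scenarios."""
    rng = random.Random(seed)
    totals = []
    for _ in range(years):
        total = 0.0
        for rate, median, sigma in scenarios.values():
            for _ in range(poisson(rng, rate)):
                total += rng.lognormvariate(math.log(median), sigma)
        totals.append(total)
    return totals

def summarize(losses):
    """Mean, median and 95th percentile of the simulated loss distribution."""
    ordered = sorted(losses)
    pick = lambda q: ordered[min(len(ordered) - 1, int(q * len(ordered)))]
    return {"mean": sum(ordered) / len(ordered), "p50": pick(0.50), "p95": pick(0.95)}

def net_benefit(scenarios, name, rate_factor, annual_cost, **kw):
    """Expected yearly loss avoided by scaling one scenario's rate, minus the cost."""
    rate, median, sigma = scenarios[name]
    treated = {**scenarios, name: (rate * rate_factor, median, sigma)}
    before = summarize(simulate_annual_losses(scenarios, **kw))["mean"]
    after = summarize(simulate_annual_losses(treated, **kw))["mean"]
    return before - after - annual_cost

if __name__ == "__main__":
    print(summarize(simulate_annual_losses(SCENARIOS)))
    print("halve phishing rate:", round(net_benefit(SCENARIOS, "phishing", 0.5, 10_000)))
```

The gap between the mean and the 95th percentile is the uncertainty a single risk-matrix cell hides, and `net_benefit` puts competing safeguards on one financial scale.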
Overall, the dissertation provides a comprehensive approach to transforming cyber risk management from a qualitative, perception-driven process into a data-driven and analytical discipline. It emphasizes that accurate risk quantification not only improves decision-making but also enhances an organization’s ability to allocate resources efficiently, respond proactively to threats, and navigate the increasingly complex cybersecurity landscape.
