ABSTRACT

This chapter presents a case study to illustrate the Cybersecurity Risk Management model, which is designed to assist organisations in selecting their optimal “cybersecurity portfolio,” including their choice of a cyber insurance product. The case study focuses on Median, an IT-intensive SME that provides web hosting and web application services in the country of Small Nation. The chapter covers the formulation of the model, how to assess each of its components, and how to solve for the optimal cybersecurity portfolio. This includes showing how to assess components when data is limited, relying instead on structured expert judgement techniques. The chapter examines how the proposed security controls affect the likelihood of the various threats occurring and/or their impact if they do occur. It also looks at the factors that adversaries take into account when deciding whether or not to attack, including their uncertainties and objectives.