Jove
Visualize
Contact Us
JoVE
x logofacebook logolinkedin logoyoutube logo
ABOUT JoVE
OverviewLeadershipBlogJoVE Help Center
AUTHORS
Publishing ProcessEditorial BoardScope & PoliciesPeer ReviewFAQSubmit
LIBRARIANS
TestimonialsSubscriptionsAccessResourcesLibrary Advisory BoardFAQ
RESEARCH
JoVE JournalMethods CollectionsJoVE Encyclopedia of ExperimentsArchive
EDUCATION
JoVE CoreJoVE BusinessJoVE Science EducationJoVE Lab ManualFaculty Resource CenterFaculty Site
Terms & Conditions of Use
Privacy Policy
Policies

Related Concept Videos

Hazard Rate01:11

Hazard Rate

462
The hazard rate, also known as the hazard function or failure rate, is a statistical measure used to describe the instantaneous rate at which an event occurs, given that the event has not yet happened. From a probabilistic perspective, it represents the likelihood that a subject will experience the event in a very small time interval, conditional on surviving up to the beginning of that interval. In terms of frequency, the hazard rate can be viewed as the ratio of the number of events to the...
462
Ethical Standards I01:25

Ethical Standards I

1.6K
The American Nurses Association (ANA) created and implemented the first nationally accepted Code of Ethics for Nurses with Interpretive Statements. The Code of Ethics is a living document regularly updated by the ANA and establishes an ethical standard that is non-negotiable for nurses in all roles and settings.
The Code of Ethics provisions outline the nurse's duty to the patient, the healthcare team, the profession, and society. The Code's fundamental principles include advocacy,...
1.6K
Types of Biopharmaceutical Studies: Controlled and Non-Controlled Approaches01:23

Types of Biopharmaceutical Studies: Controlled and Non-Controlled Approaches

500
Biopharmaceutical studies constitute a vital field aiming to enhance drug delivery methods and refine therapeutic approaches, drawing upon diverse interdisciplinary knowledge. In research methodologies, the choice between controlled and non-controlled studies significantly influences the study's reliability and accuracy.
Non-controlled studies, commonly employed for initial exploration, lack a control group, rendering them susceptible to biases and external influences. In contrast,...
500
What are Estimates?01:06

What are Estimates?

8.9K
It isn't easy to measure a parameter such as the mean height or the mean weight of a population. So, we draw samples from the population and calculate the mean height or mean weight of the individuals in the sample. This sample data acts as a representative measure of the population parameter. These sample statistics are known as estimates. 
The estimate for the mean of a sample is denoted by ͞x, whereas the mean of the population is designated as μ. Further, parameters such...
8.9K
Pharmacovigilance01:19

Pharmacovigilance

1.8K
Post-marketing surveillance is a critical component of pharmaceutical regulation, often uncovering unanticipated adverse drug reactions (ADRs) once a drug is widely used over an extended period.
This process, termed pharmacovigilance, aims to detect, evaluate, and minimize harmful effects related to medication use. The data collection for pharmacovigilance depends on spontaneous reporting systems, where healthcare professionals or patients voluntarily report suspected ADRs.
In some cases, there...
1.8K
Steps in Outbreak Investigation01:18

Steps in Outbreak Investigation

635
In the ever-evolving field of public health, statistical analysis serves as a cornerstone for understanding and managing disease outbreaks. By leveraging various statistical tools, health professionals can predict potential outbreaks, analyze ongoing situations, and devise effective responses to mitigate impact. For that to happen, there are a few possible stages of the analysis:
635

You might also read

Related Articles

Articles linked to this work by shared authors, journal, and citation graph.

Sort by
Same author

Is common sense all you need? Using expert defined rules to identify vulnerability patches instead of machine learning.

Empirical software engineering·2026
Same author

Algorithm Perception When Using Threat Intelligence in Vulnerability Risk Assessment.

Risk analysis : an official publication of the Society for Risk Analysis·2026
Same author

Analyzing and mitigating (with LLMs) the security misconfigurations of Helm charts from Artifact Hub.

Empirical software engineering·2025
Same author

Risks of ignoring uncertainty propagation in AI-augmented security pipelines.

Risk analysis : an official publication of the Society for Risk Analysis·2025
Same author

On the effects of program slicing for vulnerability detection during code inspection.

Empirical software engineering·2025
Same author

CSEC<b></b> framework assessment dataset: Expert evaluations of cybersecurity skills for job profiles in Europe.

Data in brief·2023
Same journal

Competition and Collaboration in the AI Race: Country-LevelDirectional Evidence for Risk Monitoring and Policy.

Risk analysis : an official publication of the Society for Risk Analysis·2026
Same journal

Cyber Resilience: Management With Cybersecurity Controls.

Risk analysis : an official publication of the Society for Risk Analysis·2026
Same journal

Jack Fowle: Combining Values, Experience, and Teamwork to Improve Risk Analysis.

Risk analysis : an official publication of the Society for Risk Analysis·2026
Same journal

A Hybrid FMEA-AHP Framework for Risk Prioritization in Nontransparent Artificial Intelligence Systems.

Risk analysis : an official publication of the Society for Risk Analysis·2026
Same journal

Trust-Building Communication for Extreme Heat Preparedness.

Risk analysis : an official publication of the Society for Risk Analysis·2026
Same journal

Spring Broken: A Risk Analysis of Fatal and Nonfatal Traffic Injuries in Florida.

Risk analysis : an official publication of the Society for Risk Analysis·2026
See all related articles

Related Experiment Video

Updated: Feb 24, 2026

Implementation of a Real-Time Psychosis Risk Detection and Alerting System Based on Electronic Health Records using CogStack
07:31

Implementation of a Real-Time Psychosis Risk Detection and Alerting System Based on Electronic Health Records using CogStack

Published on: May 15, 2020

8.2K

Security Events and Vulnerability Data for Cybersecurity Risk Estimation.

Luca Allodi1, Fabio Massacci2

  • 1Faculty of Mathematics and Computer Science, Eindhoven University of Technology, Eindhoven, The Netherlands.

Risk Analysis : an Official Publication of the Society for Risk Analysis
|August 12, 2017
PubMed
Summary
This summary is machine-generated.

This study introduces a quantitative cybersecurity risk model using security operation center data to estimate attack probability. It contrasts with current qualitative methods, offering a more precise approach for untargeted, two-stage cyber attacks.

Keywords:
Attack likelihoodcybersecurity eventsquantitative riskvulnerabilities

More Related Videos

Data Acquisition Protocol for Determining Embedded Sensitivity Functions
07:46

Data Acquisition Protocol for Determining Embedded Sensitivity Functions

Published on: April 20, 2016

6.5K

Related Experiment Videos

Last Updated: Feb 24, 2026

Implementation of a Real-Time Psychosis Risk Detection and Alerting System Based on Electronic Health Records using CogStack
07:31

Implementation of a Real-Time Psychosis Risk Detection and Alerting System Based on Electronic Health Records using CogStack

Published on: May 15, 2020

8.2K
Data Acquisition Protocol for Determining Embedded Sensitivity Functions
07:46

Data Acquisition Protocol for Determining Embedded Sensitivity Functions

Published on: April 20, 2016

6.5K

Area of Science:

  • Cybersecurity Risk Management
  • Quantitative Risk Assessment
  • Information Security

Background:

  • Current cybersecurity risk estimation relies on qualitative matrices, unlike other sectors (e.g., Finance with Basel II) that use quantitative methods.
  • Existing qualitative approaches may not accurately reflect the true probability of cyber attacks.
  • A significant gap exists between traditional qualitative risk assessments and quantitative methodologies in cybersecurity.

Purpose of the Study:

  • To present a novel model and methodology for quantitatively estimating the probability of cyber attacks.
  • To leverage data from an organization's Security Operation Center (SOC) for more accurate risk assessment.
  • To address untargeted, automated, and two-stage cyber attacks prevalent in the wild.

Main Methods:

  • Developed a quantitative model to estimate attack probability using SOC data.
  • Incorporated attacker capabilities, defined as the number of weaponized vulnerabilities.
  • Modeled two-stage attacks: initial breach of internet-facing systems followed by internal escalation.
  • Methodology is adjustable to align with an organization's specific risk appetite.

Main Results:

  • Demonstrated a quantitative approach to estimate attack probability, contrasting with qualitative industry standards.
  • Successfully applied the methodology using data from a large financial institution.
  • Highlighted a significant discrepancy between traditional qualitative risk assessments and the proposed quantitative approach.

Conclusions:

  • The proposed quantitative methodology offers a more precise estimation of cybersecurity risk compared to qualitative matrices.
  • Leveraging SOC data enables a data-driven approach to understanding and mitigating cyber threats.
  • This quantitative model provides a valuable tool for organizations to better manage their cybersecurity posture and risk exposure.