Search Icon
2026 Program

A Data-driven Approach to Rating Cybersecurity Risk and Investing SOC Resources Efficiently

Anup K Ghosh

One of the hardest challenges for companies and their officers is determining how much to spend on cybersecurity and the appropriate allocation of those resources. Security “investments” are a cost on the ledger, and as such, companies do not want to spend more on security than they have to. The question most boards have is “how much security is enough?” and “how good is our security program?” Most CISOs and SOC teams have a hard time answering these questions for a lack of data and framework to measure risk and compare with other similar sized companies. This paper presents a data-driven practical approach to assessing and scoring cybersecurity risk that can be used to allocate resources efficiently a nd mitigate cybersecurity risk in areas that need it the most. We combine both static and dynamic measures of risk to give a composite score more indicative of cybersecurity risk over static measures alone.

Paper

View More Papers

Thwarting Smartphone SMS Attacks at the Radio Interface Layer

Haohuang Wen (Ohio State University), Phillip Porras (SRI International), Vinod Yegneswaran (SRI International), Zhiqiang Lin (Ohio State University)

Read More

Un-Rocking Drones: Foundations of Acoustic Injection Attacks and Recovery...

Jinseob Jeong (KAIST, Agency for Defense Development), Dongkwan Kim (Samsung SDS), Joonha Jang (KAIST), Juhwan Noh (KAIST), Changhun Song (KAIST), Yongdae Kim (KAIST)

Read More

MetaWave: Attacking mmWave Sensing with Meta-material-enhanced Tags

Xingyu Chen (University of Colorado Denver), Zhengxiong Li (University of Colorado Denver), Baicheng Chen (University of California San Diego), Yi Zhu (SUNY at Buffalo), Chris Xiaoxuan Lu (University of Edinburgh), Zhengyu Peng (Aptiv), Feng Lin (Zhejiang University), Wenyao Xu (SUNY Buffalo), Kui Ren (Zhejiang University), Chunming Qiao (SUNY at Buffalo)

Read More