Persian abstract:
Cyberthreats affect all kinds of organizations, from private companies to public administrations, including critical infrastructures. Risk analysis is an essential tool to address them, as it allows organizations to deal with the threats affecting them, prioritize the defence of their assets and decide what countermeasures should be implemented. Many risk analysis methods are present in cybersecurity control models, compliance frameworks and international standards. However, most of them are less than satisfactory, focusing on risk-matrix-based approaches. After outlining one of the main existing proposals in this field as an example, a comprehensive framework for risk analysis in cybersecurity will be proposed, including the presence of adversarial threats and the use of insurance as part of the security portfolio. A case study outlining the proposed framework is presented.