|
|
Scale, Complexity, and Cybersecurity Risk ManagementDOI: 10.4236/jis.2024.154029, PP. 524-544 Keywords: Complexity, Cybersecurity, Scale, Scaling Relations, Stochastic, Linear, Non-Linear, Macroscopic, Organized Complexity, Disorganized Complexity Abstract: Elementary information theory is used to model cybersecurity complexity, where the model assumes that security risk management is a binomial stochastic process. Complexity is shown to increase exponentially with the number of vulnerabilities in combination with security risk management entropy. However, vulnerabilities can be either local or non-local, where the former is confined to networked elements and the latter results from interactions between elements. Furthermore, interactions involve multiple methods of communication, where each method can contain vulnerabilities specific to that method. Importantly, the number of possible interactions scales quadratically with the number of elements in standard network topologies. Minimizing these interactions can significantly reduce the number of vulnerabilities and the accompanying complexity. Two network configurations that yield sub-quadratic and linear scaling relations are presented.
|
