Combining threat models with security economics
The goal with this study is to answer the following research question: How can threat
models in combination with economic incentives improve cyber risk quantications? When
developing these models, there is a need to accept the general unavailability of reliable
historical data, and instead build on data about the present to project the future. Iden-
tifying reliable data sources and models for opportunity cost for attackers and losses for
defenders will be of benet when estimating likelihood and severity for unwanted events.