Common use of Structure of the document Clause in Contracts

Structure of the document. After completing the introduction in this section, we continue by explaining the role of the cyber risk modelling in the WISER framework in Section 2. Having thus provided the context, in Section 3 we explain our rationale for selecting the three WISER risk modelling languages, which are CORAS for human-readable risk models, DEXi for qualitative risk assessment algorithms, and R for quantitative risk algorithms. In Section 4, we give a short overview of each of these languages, in order to provide some background for the rest of the document aimed at readers not familiar with the languages, as well as references for further information. We then move on to the actual guidelines. In Section 5, we present the overall method for risk cyber risk modelling in WISER. This overall method is the same whether one chooses to use qualitative or quantitative assessment. Section 6 provides specific guidelines for creating CORAS models, which is the first step of the overall method and is performed independently of whether qualitative or quantitative assessment will be used. In Section 7, we give guidelines for defining qualitative assessment algorithms based on a CORAS diagram using DEXi, while Section 8 offer similar guidelines for quantitative algorithms using R. Although simple support for impact assessment is included in Section 7 and Section 8, these sections are primarily dedicated to likelihood assessment. In Section 9, we present a more in-depth approach to economic impact assessment, while societal impact assessment is addressed in Section 10. We then conclude in Section 11. This document also contains five appendices. Appendix I defines what it means for a function on intervals to be monotonically increasing, as this concept plays a role in the guidelines offered in Section 8. Appendix II presents the naming conventions we use in order to ensure clear links between the elements of a CORAS diagram and a corresponding DEXi model or R script. The next three appendices illustrate results of applying the guidelines from Section 7 and Section 8 on a CORAS diagram. First, we present the CORAS diagram in Appendix III. Then we show a corresponding DEXi model in Appendix IV, and finally a corresponding R script in Appendix V.

Structure of the document. After completing the introduction in this section, we continue by explaining the role of the cyber risk modelling in the WISER framework in Section 2. Having thus provided the contextNext, in Section 3 we explain our rationale for selecting the three WISER risk modelling languages, which are CORAS for human-readable risk models, DEXi for qualitative risk assessment algorithms, and R for quantitative risk algorithms. In Section 4, we give a short overview of each of these languages, in order to provide some background for the rest of the document aimed at readers not familiar with the languages, as well as references for further information. We then move on to the actual guidelines. In Section 5, we present simple guidelines for modelling the target of analysis, while Section 6 presents the overall method for risk cyber risk modelling in WISER. This overall method is the same whether one chooses to use qualitative or quantitative assessment. Section 6 7 provides specific guidelines for creating CORAS models, which is the first step of the overall method and is performed independently of whether qualitative or quantitative assessment will be used. In Section 78, we give guidelines for quantitative algorithms using R, while Section 9 offers similar guidelines for defining qualitative assessment algorithms based on a CORAS diagram using DEXi, while Section 8 offer similar guidelines for quantitative algorithms using R. Although simple . Having thus provided methodological support for developing assessment algorithms, we explain the integration of such algorithms in the Risk Assessment Engine in Section 10. Although the representation of impact assessment in the R and DEXi algorithms is included in Section 7 8 and Section 89, these sections are primarily dedicated to likelihood do not provide thorough methodological guidelines for impact assessment. In Section 911, we present a more in-depth approach to such guidelines for economic impact assessment, while societal impact assessment is addressed in Section 1012. Notice that, unlike Section 8 and Section 9, the guidelines provided in Section 11 and Section 12 are meant to support users making assessments (typically in order to be able to answer business configuration questions), rather than to create algorithms to be executed by the Risk Assessment Engine. We then conclude present our conclusion in Section 1113. This document also contains five appendices. Appendix I defines what it means shows the naming convention used for a function on intervals to be monotonically increasingmodel elements occurring in CORAS diagrams and corresponding R and DEXi algorithms. Appendix II introduces Bayesian networks for risk modelling, as this concept plays a which play an important role in the guidelines offered in Section 8development of the quantitative algorithms. In Appendix II presents the naming conventions we use in order to ensure clear links between the elements of a CORAS diagram and a corresponding DEXi model or R script. The next three appendices illustrate results of applying the guidelines from Section 7 and Section 8 on a CORAS diagram. FirstIII, we present numerical results from a worked example of application of the CORAS diagram guidelines for quantitative algorithms. Appendix IV shows the result of application of the guidelines for qualitative algorithms. Finally, in Appendix III. Then V we show give a corresponding DEXi model detailed description of the method we have used to validate the quantitative and qualitative algorithms for the ten risk patterns that were documented in Appendix IV, and finally a corresponding R script in Appendix V.D3.1.