
Cyber Risk. The New Enemy for Risk Management in the Age of Globalisation
Journal: MANAGEMENT CONTROL
Authors/Editors: Chiara Crovini, Giovanni Ossola, Pier Luigi Marchini
Year of publication: 2018 Issue: 2 Suppl. Language: English
Number of pages: 21 pp. 135-155 File size: 248 KB
DOI: 10.3280/MACO2018-SU2007


The present paper is a theoretical study on the topic of cyber risk and cyber risk management. This research represents the first step of a far deeper analysis of this topic, which aims at underlining the main characteristics of cyber risk, delineating future developments in managing it, and stressing the importance of sharing information and creating shared knowledge between countries. Good situational awareness and cyber risk analytics are vital in helping firms identify weaknesses, rank threat scenarios, identify countermeasures and set priorities for intelligence gathering. The traditional risk management process therefore needs to be improved: firms must manage not only risks but also uncertainties, by implementing Business Continuity Management systems with the aim of building business resilience. To do that, one possible solution might be the intervention of governments with laws and frameworks that help companies fight cyber threats.


Keywords: Cyber Risk Management, Cyber Risk, Business Continuity Management, Theoretical Paper, Globalisation, Resilience.




Cited by:
  1. Pietro Russo, Alberto Caponi, Marco Leuti, Giuseppe Bianchi, A Web Platform for Integrated Vulnerability Assessment and Cyber Risk Management, in Information, 2019, p. 242, DOI: 10.3390/info10070242
  2. Mario Vega-Barbas, Víctor A. Villagrá, Fernando Monje, Raúl Riesco, Xavier Larriva-Novo, Julio Berrocal, Ontology-Based System for Dynamic Risk Management in Administrative Domains, in Applied Sciences, 2019, p. 4547, DOI: 10.3390/app9214547

Chiara Crovini, Giovanni Ossola, Pier Luigi Marchini, in "MANAGEMENT CONTROL" 2 Suppl./2018, pp. 135-155, DOI: 10.3280/MACO2018-SU2007
