Predicting Cybersecurity Risk - A Methodology for Assessments




Information Security, Cybersecurity, cybercrime, iso


Defining an appropriate cybersecurity incident response model is a critical challenge that all companies face on a daily basis.
However, there is not always an adequate answer, because predictive models based on data (evidence) are lacking. Significant research investment goes into identifying the main factors that can cause such incidents, with the aim of finding the most appropriate response and, consequently, enhancing response capacity and success. At the same time, several different methodologies assess the risk management and maturity level of organizations.
There is, however, a gap in determining an organization's degree of proactive responsiveness to successfully adopt cybersecurity, and an even more significant gap in assessing it from a risk management perspective. This paper proposes a model to evaluate this capacity. The model is intended to evaluate the methodological aspects of an organization, to indicate the apparent gaps that can negatively impact the organization's future management of cybersecurity incidents, and to be proactive.






How to Cite

D. J. Ferreira and H. São Mamede, “Predicting Cybersecurity Risk - A Methodology for Assessments”, ARIS2-Journal, vol. 2, no. 2, pp. 50–63, Dec. 2022.