This paper presents a scenario-based analysis of a cyberattack targeting a university admissions office through spear-phishing, demonstrating how a local breach can escalate into broader systemic risks within interconnected networks such as Studielink and DUO. An adaptive temporal-causal network modeling approach is used to simulate the cascading effects of the breach and the institutional response over time. The model visualizes the interactions between critical states, such as malware detection, data compromise, and suspension of the admissions process, and allows for a What-If analysis. This analysis explores how variations in the speed of data compromise, reputational damage thresholds, and communication timing affect the system’s ability to contain the attack. The findings emphasize the importance of timely response, effective communication strategies, and coordinated preparedness across organizations. By showing how different parts of the system are connected and where things can go wrong, this study helps organizations better understand the risks of a cyberattack. It supports cyber risk management by making it easier to prepare for incidents, improve response plans and reduce the impact of future attacks. A key limitation is that some probabilities were based on expert estimates rather than empirical data, highlighting the need for future validation through diverse scenario testing.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Computational Analysis of Cascade Cyber Risk Management in Student Admissions Processes

  • Nienke Brendel,
  • Noa Sophia Holl,
  • Noëlle Kalee,
  • Anna Kummer,
  • Debby Bouma,
  • Jan Treur,
  • Peter H. M. P. Roelofsma

摘要

This paper presents a scenario-based analysis of a cyberattack targeting a university admissions office through spear-phishing, demonstrating how a local breach can escalate into broader systemic risks within interconnected networks such as Studielink and DUO. An adaptive temporal-causal network modeling approach is used to simulate the cascading effects of the breach and the institutional response over time. The model visualizes the interactions between critical states, such as malware detection, data compromise, and suspension of the admissions process, and allows for a What-If analysis. This analysis explores how variations in the speed of data compromise, reputational damage thresholds, and communication timing affect the system’s ability to contain the attack. The findings emphasize the importance of timely response, effective communication strategies, and coordinated preparedness across organizations. By showing how different parts of the system are connected and where things can go wrong, this study helps organizations better understand the risks of a cyberattack. It supports cyber risk management by making it easier to prepare for incidents, improve response plans and reduce the impact of future attacks. A key limitation is that some probabilities were based on expert estimates rather than empirical data, highlighting the need for future validation through diverse scenario testing.