QRALib: A Python library for Quantitative Risk Analysis in Cybersecurity

Sammanfattning: The risk of cyberattacks is increasing. Companies are facing more attacks and with graver consequences. To handle the risks cybersecurity practitioners use risk analysis to prioritize handling. The de-facto standard has been qualitative analysis using ordinal scales and categories. This is shifting and the use of quantitative methods using probability distributions and ranges of a rational number is on the rise. Quantitative risk analysis is performed by simulating the risks hundreds or thousands of times using Monte Carlo methods. With the increased interest in quantitative methods, there is a need for software that can be integrated with existing risk and compliance tools. This thesis aims to provide this in form of a software library writtenin Python. QRALib (Quantitative Risk Analysis Library) has been developed following a need for a modular tool that can be used as part of the tools that are already being used forrisk management. Building on the need for modularity, QRALib was used to evaluate Quasi- and Randomized-Quasi Monte Carlo methods in an effort to improve the computation efficiency. The results show that computations can be done much more efficiently with the same or better accuracy by using Randomized-Quasi Monte Carlo methods. QRALibprovides analysts with tools to better understand the effect input has on the result byusing sensitivity analysis.