Date of Award


Document Type


Degree Name

Master of Science (MS)


Computer Engineering and Sciences

First Advisor

Carlos E. Otero

Second Advisor

Munevver Subasi

Third Advisor

Samuel P. Kozaitis

Fourth Advisor

Philip J. Bernhard


Modern day applications can be spread across multiple virtual or physical systems, and be accessed or attacked by pretty much any one any where. Cybersecurity is used to mitigate these cyber threats but there are limited resources that can be dedicated to security. As result, trade-offs and decisions must be made around what is prioritized and what isn’t. Cyber risk management provides methodologies for identifying threats, evaluating risks and making decisions, however, it can be difficult to determine whether the system is actually secure enough and the risk is actually within an acceptable parameters. This thesis provides a framework for managing threats and quantifying the security posture, in the form of risk desirability, of cyber systems.