This book tackles the problem of complexity within IT environments, i. e., „Cybercomplexity,“ which is generally recognized as a principal source of cybersecurity risk. The book first defines complexity and simplifies its analysis by assuming a probabilistic approach to security risk management. It then proposes a simple model of cybercomplexity that is based on Shannon entropy, a basic concept in information theory. The key drivers of cybercomplexity emerge from this model, where these drivers reveal the scale-dependence of cybersecurity risk and explain why macroscopic security controls are required to address cybersecurity risk on an enterprise scale. The significant operational implications of cybercomplexity are also discussed, thereby providing both a theoretical framework and a practical guide to addressing this longstanding problem in cybersecurity risk management.
