Conklin, Wm. Arthur2019-12-192019-12-19December 22019-12December 2https://hdl.handle.net/10657/5618The purpose of this paper is to provide a quantitative cyber risk management framework to implement in small to medium organizations’ operational plan. This paper will analyze resources to estimate patterns of attacks, cost of assets, cost of data records, and cost/benefit analysis. With proper calculations, a small and medium business owner will be able to follow the framework and produce two outcomes: annual loss to the organization and cost of benefit estimation to discover return on investment. After these two outcomes one of three decisions will be determined by executives or stakeholders, either accept risk, transfer risk, or invest in risk management.application/pdfengThe author of this work is the copyright owner. UH Libraries and the Texas Digital Library have their permission to store and provide access to this work. Further transmission, reproduction, or presentation of this work is prohibited except with permission of the author(s).Analyze resourcescost/benefit analysisAnnual loss2019-12-19Thesisborn digital