A framework for Operational Security Metrics Development for industrial control environment

Ani, Uchenna; He, Hongmei; Tiwari, Ashutosh

doi:10.1080/23742917.2018.1554986

Cited by 4 publications

(2 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Apart from the financial impact, there were other severe impacts on human life. Hospital systems got infected, and appointments for outpatients [1,2]. The motivation for protecting assets and mitigating threats is not always for fear of financial loss; there are behavioral, managerial, philosophical, and organizational aspects, too [3].…”

Section: Introductionmentioning

confidence: 99%

Design and Analysis of Cyber Security Capability Maturity Model

2024

IRJMETS

View full text Add to dashboard Cite

Cyber Security Risk is now very prominent and is recognized by all relevant stakeholders. In their global risk report, the World Economic Forum has flagged Cyber Security Risk as one of the top 5 (five) global risks for the last (three) years. The cybersecurity governance search has now been at the center stage. Literature studies around cyber-security governance research reveal that substantial work has been done to develop frameworks, model standards, etc. However, research around performance evaluation, capability maturity model (MM), etc., are emerging and need more focus. While there are multiple M.M.s for Information/Cyber Security, none are up to date with all emerging digital technology and are validated empirically. Most of the M.M.s are continuous improvement programs meant to increase the internal efficiency of Cybersecurity organizations. There is a lack of research linking this factor of internal efficiency to the business expectation, that is, external effectiveness.

show abstract

Section: Introductionmentioning

confidence: 99%

Design and Analysis of Cyber Security Capability Maturity Model

2024

IRJMETS

View full text Add to dashboard Cite

show abstract

“…Automatic generation: Used by Ani et al [14], i.e., a framework that generates specific security metrics after a preliminary study that analyzes the context and the security objectives of that field.…”

mentioning

confidence: 99%

A Systematic Analysis of Security Metrics for Industrial Cyber–Physical Systems

Gori,

Rinieri,

Melis

et al. 2024

Electronics

View full text Add to dashboard Cite

Nowadays, as the cyber-threat landscape is evolving and digital assets are proliferating and becoming more and more interconnected with the internet and heterogeneous devices, it is fundamental to be able to obtain a sensible measure of the security of devices, networks, and systems. Industrial cyber–physical systems (ICPSs), in particular, can be exposed to high operational risks that entail damage to revenues, assets, and even people. A way to overcome the open question of measuring security is with the use of security metrics. With metrics it is possible to rely on proven indicators that benchmark systems, identify vulnerabilities, and show practical data to assess the risk. However, security metrics are often proposed with specific contexts in mind, and a set of them specifically crafted for ICPSs is not explicitly available in the literature. For this reason, in this work, we analyze the current state of the art in the selection of security metrics and we propose a systematic methodology to gather, filter, and validate security metrics. Then, we apply the procedure to the ICPS domain, gathering almost 300 metrics from the literature, analyzing the domain to identify the properties useful to filter the metrics, and applying a validation framework to assess the validity of the filtered metrics, obtaining a final set capable of measuring the security of ICPSs from different perspectives.

show abstract