Application of capability-based cyber risk assessment methodology to a space system

McNeil, Martha; Llansó, Thomas; Pearson, Dallas

doi:10.1145/3190619.3190644

Cited by 6 publications

(5 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is interrelated with the vulnerability of the assets. McNeil (2018) in his work listed available control as a defensive capability that needs to be identified for mitigating the issues of cyber risk.…”

Section: Slr Findingsmentioning

confidence: 99%

A Systematic Literature Review for Modeling a Cyber Risk Assessment Framework

Mohd Amin,

Anwar,

Mohd Shoid

et al. 2024

E-BPJ

View full text Add to dashboard Cite

This paper presents a framework for cyber risk assessment using a systematic literature review (SLR). A three-staged systematic review was used in this SLR planning, conducting, and reporting the review. Results screening was done by applying inclusion and exclusion criteria. EndNote software and the PRISMA flow diagram were helpful tools during this screening process. The SLR helps the researcher to discover the variables and dimensions in assessing cyber risk. Its findings helped the researcher to produce a framework model of cyber risk assessment. The framework created is expected to give an overview of a more standardized and controlled method of assessing cyber risk to be adopted by organizations.

show abstract

Section: Slr Findingsmentioning

confidence: 99%

A Systematic Literature Review for Modeling a Cyber Risk Assessment Framework

Mohd Amin,

Anwar,

Mohd Shoid

et al. 2024

E-BPJ

View full text Add to dashboard Cite

show abstract

“…To provide a concrete example for our proposed experiment, we selected an exemplar analytic tool called BluGen [40] as the validation target. We chose BluGen because it is published in the open literature and, as its authors, we are familiar with its details.…”

Section: Analytic To Be Validatedmentioning

confidence: 99%

Rigorous Validation of Systems Security Engineering Analytics

Llansó¹,

McNeil²,

Jamieson³

2022

Proceedings of the Annual Hawaii International Conference on System Sciences

Self Cite

View full text Add to dashboard Cite

In response to the asymmetric advantage that attackers enjoy over defenders in cyber systems, the cyber community has generated a steady stream of cybersecurity-related frameworks, methodologies, analytics, and "best practices" lists. However, these artifacts almost never undergo rigorous validation of their efficacy but instead tend to be accepted on faith, to, we suggest, our collective detriment based on evidence of continued attacker success. But what would rigorous validation look like, and can we afford it? This paper describes the design and estimates the cost of a controlled experiment whose goal is to determine the effectiveness of an exemplar systems security analytic. Given the significant footprint that humans play in cyber systems (e.g., their design, use, attack, and defense), any such experiment must necessarily take into account and control for variable human behavior. Thus, the paper reinforces the argument that cybersecurity can be understood as a hybrid discipline with strong technical and human dimensions.

show abstract

“…Risk assessment (RA) is a systematic process to identify risk, evaluate risk, prioritized risk based on the risk evaluation criteria. The risk assessment activity can be further split into three distinct activities, which are risk identification, risk estimation, and risk evaluation [27]. The purpose of identifying the risk is to carry out a thorough and systematic process to find out everything that could endanger the confidentiality, integrity, and availability of the information.…”

Section: B Risk Assessmentmentioning

confidence: 99%

Adopting ISO/IEC 27005:2011-based Risk Treatment Plan to Prevent Patients Data Theft

Hamit¹,

Sarkan²,

Azmi³

et al. 2020

Int. J. Adv. Sci. Eng. Inf. Technol.

View full text Add to dashboard Cite

The concern raised in late 2017 regarding 46.2 million mobile device subscriber's data breach had the Malaysian police started an investigation looking for the source of the leak. Data security is very important to protect the assets or information by providing its confidentiality, integrity, and availability not only in the telecommunication industry but also in other sectors. This paper attempts to protect the data of a patient-based clinical system by producing a risk treatment plan for its software products. The existing system is vulnerable to information theft, insecure databases, poor audit login, and password management. The information security risk assessment consisting of identifying risks, analyzing, and evaluating them were conducted before a risk assessment report is written down. A risk management framework was applied to the software development unit of the organization to countermeasure these risks. ISO/IEC 27005:2011 standard was used as the basis for the information security risk management framework. The controls from Annex A of ISO/IEC 27001:2013 were used to reduce the risks. Thirty risks have been identified, and seven high-level risks for the product have been recognized. A risk treatment plan focusing on the risks and controls has been developed for the system to reduce these risks to secure the patient's data. This will eventually enhance the information security in the software development unit and, at the same time, increase awareness among the team members concerning risks and the means to handle them.

show abstract

Application of capability-based cyber risk assessment methodology to a space system

Cited by 6 publications

References 12 publications

A Systematic Literature Review for Modeling a Cyber Risk Assessment Framework

A Systematic Literature Review for Modeling a Cyber Risk Assessment Framework

Rigorous Validation of Systems Security Engineering Analytics

Adopting ISO/IEC 27005:2011-based Risk Treatment Plan to Prevent Patients Data Theft

Contact Info

Product

Resources

About