Dynamic Risk Assessment and Analysis Framework for Large-Scale Cyber-Physical Systems

Malik, Adeel; Tosh, Deepak K.

doi:10.4108/eai.25-1-2022.172997

Cited by 2 publications

(1 citation statement)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…According to the ISO [17], tackling risk is about determining uncertainty, whereas for NIST/US [18], it is a holistic approach encompassing organisations, business processes and information systems. DRA is a relatively recent approach to handle change and assess risk continuously, i.e., to update the RA as new evidence (data) emerges in networks and feeds, proactively preparing for malicious incursions as they progress [23,38,39]. As previous work has discussed in detail in the recent literature [40,41], conducting such analysis in IoT is not trivial, a theme we shall cover in Section 4.…”

Section: Threat Modelling Static and Dynamic Risk Analysismentioning

confidence: 99%

Challenges and Opportunities for Conducting Dynamic Risk Assessments in Medical IoT

et al. 2023

View full text Add to dashboard Cite

Modern medical devices connected to public and private networks require additional layers of communication and management to effectively and securely treat remote patients. Wearable medical devices, for example, can detect position, movement, and vital signs; such data help improve the quality of care for patients, even when they are not close to a medical doctor or caregiver. In healthcare environments, these devices are called Medical Internet-of-Things (MIoT), which have security as a critical requirement. To protect users, traditional risk assessment (RA) methods can be periodically carried out to identify potential security risks. However, such methods are not suitable to manage sophisticated cyber-attacks happening in near real-time. That is the reason why dynamic RA (DRA) approaches are emerging to tackle the inherent risks to patients employing MIoT as wearable devices. This paper presents a systematic literature review of RA in MIoT that analyses the current trends and existing approaches in this field. From our review, we first observe the significant ways to mitigate the impact of unauthorised intrusions and protect end-users from the leakage of personal data and ensure uninterrupted device usage. Second, we identify the important research directions for DRA that must address the challenges posed by dynamic infrastructures and uncertain attack surfaces in order to better protect users and thwart cyber-attacks before they harm personal (e.g., patients’ home) and institutional (e.g., hospital or health clinic) networks.

show abstract