2023
DOI: 10.3390/fi15100324

Dynamic Risk Assessment in Cybersecurity: A Systematic Literature Review

Pavlos Cheimonidis,
Konstantinos Rantos

Abstract: Traditional information security risk assessment (RA) methodologies and standards, adopted by information security management systems and frameworks as a foundation stone towards robust environments, face many difficulties in modern environments where the threat landscape changes rapidly and new vulnerabilities are being discovered. In order to overcome this problem, dynamic risk assessment (DRA) models have been proposed to continuously and dynamically assess risks to organisational operations in (near) real …

Cited by 9 publications
(3 citation statements)
References 70 publications
“…Whilst this score can be informed by any metrics that may provide insight into the possibility of cyber compromise, the Common Vulnerability Scoring System (CVSS) described in Section 1 is recommended [34], as it is an existing scoring system that is used extensively in the literature [36][37][38][39] and industry [40]. As mentioned in Section 1, CVSS scores range from zero to ten and take account of a range of factors related to vulnerability and impact in the cyber domain.…”
Section: Step 1-quantify Cyber Vulnerability
mentioning
confidence: 99%
“…Cyber risk assessment can produce overwhelming security weaknesses and corresponding remediations for an organization to implement, making the remediation plan overwhelming. Considering adversaries' techniques and tactics can improve the risk assessment output regarding results, prioritization of security controls, and proactive response to emerging threats [14]. This paper's novelty and contribution lie in its proposal for enhancements through the continuous integration of cyber threat intelligence into an existing cyber risk management framework.…”
Section: Introduction
mentioning
confidence: 99%
“…Integrating cyber threat intelligence into risk management is still uncommon, and there is a need for systematic approaches to incorporate threat intelligence feeds effectively [10,13]. Existing frameworks often struggle to adapt to the dynamic threat landscape, highlighting the importance of considering adversary techniques for proactive risk mitigation [14,52].…”
mentioning
confidence: 99%