Introducing OSSF: A framework for online service cybersecurity risk management

Mészáros, Jan; Buchalcevova, Alena

doi:10.1016/j.cose.2016.12.008

Cited by 43 publications

(26 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…An attacker profile defines a group of attackers with similar goals and capabilities. By classifying attackers, their characteristics and aligning them with associated vulnerabilities, an analyst can start to learn how an asset can be compromised [ 37 , 38 ]. To defend against attackers, a better understanding of the nature of current vulnerabilities as well as existing and future cyber threats is needed to make an informed decision [ 39 ].…”

Section: Vulnerabilities Attacks and Threatsmentioning

confidence: 99%

A review of threat modelling approaches for APT-style attacks

Tatam

Shanmugam

Azam

et al. 2021

Heliyon

View full text Add to dashboard Cite

Section: Vulnerabilities Attacks and Threatsmentioning

confidence: 99%

A review of threat modelling approaches for APT-style attacks

Tatam

Shanmugam

Azam

et al. 2021

Heliyon

View full text Add to dashboard Cite

“…Risk management framework is an effective method to access, mitigate, and evaluate risks associated with the threat. Several risk management frameworks are available such as for scada systems [50] , online services [51] , and cyber physical systems [52] – [54] . Accordingly, a pandemic such as COVID-19 warrants new and rapid framework that can be implemented immediately.…”

Section: Potential Mitigation Solutionsmentioning

confidence: 99%

Have You Been a Victim of COVID-19-Related Cyber Incidents? Survey, Taxonomy, and Mitigation Strategies

et al. 2020

View full text Add to dashboard Cite

Cybercriminals are constantly on the lookout for new attack vectors, and the recent COVID-19 pandemic is no exception. For example, social distancing measures have resulted in travel bans, lockdowns, and stay-athome orders, consequently increasing the reliance on information and communications technologies, such as Zoom. Cybercriminals have also attempted to exploit the pandemic to facilitate a broad range of malicious activities, such as attempting to take over videoconferencing platforms used in online meetings/educational activities, information theft, and other fraudulent activities. This study briefly reviews some of the malicious cyber activities associated with COVID-19 and the potential mitigation solutions. We also propose an attack taxonomy, which (optimistically) will help guide future risk management and mitigation responses.

show abstract

“…Meszaros et al in [28] propose a framework for online service cybersecurity risk management applied to a large enterprise. The risk model is providing simplicity to manage by either providers or consumer's viewpoints.…”

Section: "Antecedent -> Consequent"mentioning

confidence: 99%

Leveraging cyber threat intelligence for a dynamic risk framework

Riesco

Villagrá

2019

Int. J. Inf. Secur.

View full text Add to dashboard Cite

One of the most important goals in an organization is to have risks under an acceptance level along the time. All organizations are exposed to real-time security threats that could have an impact on their risk exposure levels harming the entire organization, their customers and their reputation. New emerging techniques, tactics and procedures (TTP) which remain undetected, the complexity and decentralization of organization assets, the great number of vulnerabilities proportional to the number of new type of devices (IoT) or still the high number of false positives, are only some examples of real risks for any organization. Risk management frameworks are not integrated and automated with near real-time (NRT) risk-related cybersecurity threat intelligence (CTI) information. The contribution of this paper is an integrated architecture based on the Web Ontology Language (OWL), a semantic reasoner and the use of Semantic Web Rule Language (SWRL) to approach a Dynamic Risk Assessment and Management (DRA/DRM) framework at all levels (operational, tactic and strategic). To enable such a dynamic, NRT and more realistic risk assessment and management processes, we created a new semantic version of STIX™v2.0 for cyber threat intelligence as it is becoming a de facto standard for structured threat information exchange. We selected an international leading organization in cybersecurity to demonstrate new dynamic ways to support decision making at all levels while being under attack. Semantic reasoners could be our ideal partners to fight against threats having risks under control along the time, for that, they need to understand the data. Our proposal uses an unprecedented mix of standards to cover all levels of a DRM and ensure easier adoption by users.

show abstract

Introducing OSSF: A framework for online service cybersecurity risk management

Cited by 43 publications

References 3 publications

A review of threat modelling approaches for APT-style attacks

A review of threat modelling approaches for APT-style attacks

Have You Been a Victim of COVID-19-Related Cyber Incidents? Survey, Taxonomy, and Mitigation Strategies

Leveraging cyber threat intelligence for a dynamic risk framework

Contact Info

Product

Resources

About