Risk based approach in scope of cybersecurity threats and requirements

Hoffmann, Romuald; Napiórkowski, Jarosław; Protasowicki, Tomasz; Stanik, Jerzy

doi:10.1016/j.promfg.2020.02.243

Cited by 17 publications

(12 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…-due to their intuitively attractive topology, the results of classification models are easy to understand [6,13,14].…”

Section: Fig 1 Algorithm For Implementing the Evaluation Methodsmentioning

confidence: 99%

“…The paper [14] proposes the risk management process for detecting, analyzing, evaluating, responding to cyber threats and monitoring risks at each stage of the cybersecurity chain. This approach can be used in organizations that intend to implement security mechanisms to align them with current requirements or reduce cyber risks to an accepted level.…”

Section: Literature Review and Problem Statementmentioning

confidence: 99%

“…The method [13] The proposed method The method [14] The method [6] The proposed method The method [13] The method [14] The method [6] 0.4…”

Section: Number Of Computational Operationsmentioning

confidence: 99%

See 2 more Smart Citations

Development of a method for assessing cybernetic security in special-purpose information systems

Drozdov

Zhuravskyi

Salnikova

et al. 2020

EEJET

View full text Add to dashboard Cite

“…-due to their intuitively attractive topology, the results of classification models are easy to understand [6,13,14].…”

Section: Fig 1 Algorithm For Implementing the Evaluation Methodsmentioning

confidence: 99%

Section: Literature Review and Problem Statementmentioning

confidence: 99%

See 1 more Smart Citation

Development of a method for assessing cybernetic security in special-purpose information systems

Drozdov

Zhuravskyi

Salnikova

et al. 2020

EEJET

View full text Add to dashboard Cite

“…Ben et al [3] used a quantitative approach to evaluate the motivation, capabilities and opportunity of attackers to calculate the risk associated with specific threats. While [15] and [8] proposed a threat-centric approach for risk management based on the cyber kill chain. Figueira et al [8], in particular, used machine learning to identify the frequency of threat occurrence.…”

Section: Related Workmentioning

confidence: 99%

MITRE ATT&CK-driven Cyber Risk Assessment

Ahmed

Panda

Xenakis

et al. 2022

Proceedings of the 17th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Assessing the risk posed by Advanced Cyber Threats (APTs) is challenging without understanding the methods and tactics adversaries use to attack an organisation. The MITRE ATT&CK provides information on the motivation, capabilities, interests and tactics, techniques and procedures (TTPs) used by threat actors. In this paper, we leverage these characteristics of threat actors to support informed cyber risk characterisation and assessment. In particular, we utilise the MITRE repository of known adversarial TTPs along with attack graphs to determine the attack probability as well as the likelihood of success of an attack. We further identify attack paths with the highest likelihood of success considering the techniques and procedures of a threat actor. The assessment is supported by a case study of a health care organisation to identify the level of risk against two adversary groups-Lazarus and menuPass.

show abstract

“…Information and communications technology (ICT) has created limitless business opportunities and has become inseparable from organisations. Besides its numerous benefits, ICT has drawbacks, i.e., cybersecurity threats, vulnerability, and a lack of effective control over administrative access that cybercriminals can exploit [2].…”

Section: Introductionmentioning

confidence: 99%

Information Security Risk Assessment (ISRA): A Systematic Literature Review

Devi

Sensuse

Kautsarina

et al. 2022

J. Inf. Syst. Eng. Bus. Intell.

View full text Add to dashboard Cite

Background: Information security is essential for organisations, hence the risk assessment. Information security risk assessment (ISRA) identifies, assesses, and prioritizes risks according to organisational goals. Previous studies have analysed and discussed information security risk assessment. Therefore, it is necessary to understand the models more systematically. Objective: This study aims to determine types of ISRA and fill a gap in literature review research by categorizing existing frameworks, models, and methods. Methods: The systematic literature review (SLR) approach developed by Kitchenham is applied in this research. A total of 25 studies were selected, classified, and analysed according to defined criteria. Results: Most selected studies focus on implementing and developing new models for risk assessment. In addition, most are related to information systems in general. Conclusion: The findings show that there is no single best framework or model because the best framework needs to be tailored according to organisational goals. Previous researchers have developed several new ISRA models, but empirical evaluation research is needed. Future research needs to develop more robust models for risk assessments for cloud computing systems. Keywords: Information Security Risk Assessment, ISRA, Security Risk

show abstract

Risk based approach in scope of cybersecurity threats and requirements

Cited by 17 publications

References 10 publications

Development of a method for assessing cybernetic security in special-purpose information systems

Development of a method for assessing cybernetic security in special-purpose information systems

MITRE ATT&CK-driven Cyber Risk Assessment

Information Security Risk Assessment (ISRA): A Systematic Literature Review

Contact Info

Product

Resources

About