Towards an integrated risk analysis security framework according to a systematic analysis of existing proposals

Santos-Olmo, Antonio; Sánchez, Luis Enrique; Rosado, David G.; Serrano, Manuel A.; Blanco, Carlos; Mouratidis, Haralambos; Fernández-Medina, Eduardo

doi:10.1007/s11704-023-1582-6

Cited by 7 publications

(1 citation statement)

References 106 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To overcome these limitations, in previous works, we have developed a methodology called "MARISMA" (Methodology for the Analysis of Risks in Information Systems using Meta-Patterns and Adaptability) [14] supported by a technological environment called "eMARISMA" (www.emarisma.com, accessed on 26 March 2024). MARISMA is a methodology based on the reuse of knowledge for RAM purposes using structures known as "patterns" that allow different types of cases to be supported.…”

Section: Introductionmentioning

confidence: 99%

QISS: Quantum-Enhanced Sustainable Security Incident Handling in the IoT

Blanco,

Santos-Olmo,

Sánchez

2024

Information

Self Cite

View full text Add to dashboard Cite

As the Internet of Things (IoT) becomes more integral across diverse sectors, including healthcare, energy provision and industrial automation, the exposure to cyber vulnerabilities and potential attacks increases accordingly. Facing these challenges, the essential function of an Information Security Management System (ISMS) in safeguarding vital information assets comes to the fore. Within this framework, risk management is key, tasked with the responsibility of adequately restoring the system in the event of a cybersecurity incident and evaluating potential response options. To achieve this, the ISMS must evaluate what is the best response. The time to implement a course of action must be considered, as the period required to restore the ISMS is a crucial factor. However, in an environmentally conscious world, the sustainability dimension should also be considered to choose more sustainable responses. This paper marks a notable advancement in the fields of risk management and incident response, integrating security measures with the wider goals of sustainability and corporate responsibility. It introduces a strategy for handling cybersecurity incidents that considers both the response time and sustainability. This approach provides the flexibility to prioritize either the response time, sustainability or a balanced mix of both, according to specific preferences, and subsequently identifies the most suitable actions to re-secure the system. Employing a quantum methodology, it guarantees reliable and consistent response times, independent of the incident volume. The practical application of this novel method through our framework, MARISMA, is demonstrated in real-world scenarios, underscoring its efficacy and significance in the contemporary landscape of risk management.

show abstract

Section: Introductionmentioning

confidence: 99%