Cyber Risk Management for Critical Infrastructure: A Risk Analysis Model and Three Case Studies

Risk Analysis ◽  
2017 ◽  
Vol 38 (2) ◽  
pp. 226-241 ◽  
Author(s):  
M.-Elisabeth Paté-Cornell ◽  
Marshall Kuypers ◽  
Matthew Smith ◽  
Philip Keller

2021 ◽  
Vol 13 (4) ◽  
pp. 2034
Author(s):  
Chien-Liang Lin ◽  
Bey-Kun Chen

Risks inevitably exist in all stages of a project. In a construction project, which is highly dynamic and complex, risk factors affect the expected achievement rates of the three main performance goals, namely schedule, cost, and quality. A comprehensive risk management procedure requires three crucial steps: risk confirmation, analysis, and treatment. Risk analysis is the core of risk management. Through structural equation modeling, this study developed a risk analysis model that takes a different perspective and considers the occurrence probability of risk events and the extent to which these events affect a project. The contractor dimension was discovered to exert the strongest influence on an overall project, followed by the subcontractor and design dimensions. This paper proposes a novel construction project risk analysis model, which considers the entire project. The proposed model can be used as a reference for risk managers to make decisions about project risks, so as to achieve the ultimate goal of saving resources and the sustainable operation of the construction project.


10.28945/2685 ◽  
2003 ◽  
Author(s):  
Christina Silveira

The digital economy needs new indicators for emergent technologies, and to establish them, a risk analysis model is deployed as an Information System Meta research method. The role of the Utility Business Service Model (UBSM) in mitigating information technology and information systems (IT/IS) risks in the business activity: assisting to understand how the virtual enterprise paradigm is shifting established values across the IT/IS value chain. The technical infrastructure for e-commerce and e-business share similar risks. The PMBook (Project Management Institute) risk analysis model is used to understand the risks involved in the adoption of UBSM by potential customers. This preliminary model will be part of a virtuous cycle of learning and informing. The twofold purpose of the knowledge-base risk management framework is (1) to summarise and categorise initial research finds about the use of the UBSM, and (2) survey the pace of adoption and acceptance of the UBSM as a service provision business model, which includes the application services provision (ASP) business model.


2021 ◽  
Author(s):  
Syed M. Belal ◽  
MD Abdur Rahman

Abstract: If we learned anything from the year 2020, it is that we need to be more prepared for the unexpected. We need to be working to enable our business to be more resilient in the face of unexpected challenges. We strongly believe that for the industrial sector, the most effective way to enable resiliency is to ensure you have integrity in your operational technology (OT). The objective of this paper is to identify and manage the risk that arose from managing plants remotely. As a result of COVID-19, people started working and managing from home. While this needed to be done to keep businesses running, many risks were introduced as well. How to manage them effectively to reduce cyber risk to an acceptable level will be discussed. Industrial frameworks to identify security gaps, and thus risk, were considered, such as ISA-99/IEC-62443, NIST, ISO-27001, and Top CIS controls. New practices critical infrastructure followed to reduce infection rates were identified from interviews and surveys conducted by PAS, part of Hexagon, of our customers who work with critical infrastructure. These new practices were then compared to the industrial risk management framework to identify the severity of the threats. Once these were identified, mitigation plans were recommended to reduce the risk to an acceptable level. Because of this rapid shift to run the plant remotely, there was an over-provisioning of access in the early stages of the pandemic – i.e., giving more direct access to the industrial control system environment. This was not wise from a security standpoint, but the priority was to keep businesses up and running, so they were ready to take that risk. Now that some organizations have decided to continue with remote work, it is imperative to verify all remote access considers the least privileged access concept. Remote access is like a bridge that bypasses all the controls implemented. Having a remote access vulnerability will help bad actors break into the network and cause catastrophic damage. Though this paper focuses on remote access risk introduced by the COVID-19 pandemic, you can apply the findings to all remote access into critical infrastructure.


Information ◽  
2019 ◽  
Vol 10 (7) ◽  
pp. 242
Author(s):  
Pietro Russo ◽  
Alberto Caponi ◽  
Marco Leuti ◽  
Giuseppe Bianchi

Cyber risk management is a very important problem for every company connected to the internet. Usually, risk management is done considering only Risk Analysis without connecting it with Vulnerability Assessment, using external and expensive tools. In this paper we present CYber Risk Vulnerability Management (CYRVM)—a custom-made software platform devised to simplify and improve automation and continuity in cyber security assessment. CYRVM’s main novelties are the combination, in a single and easy-to-use Web-based software platform, of an online Vulnerability Assessment tool within a Risk Analysis framework following the NIST 800-30 Risk Management guidelines and the integration of predictive solutions able to suggest to the user the risk rating and classification.


2021 ◽  
Vol 12 (8) ◽  
pp. 2508-2534
Author(s):  
João Batista Ferreira ◽  
Luiz Gonzaga Castro Junior

This research aims to build conceptual guidelines regarding price risk management through the agricultural derivatives market. Specifically, to identify the common price risk management methods and strategies employed, the risk analysis models of derivative markets, and the barriers to agricultural risk management. This is an integrative review; the search for literature on the models of risk management analysis of agricultural derivatives started by listing the largest possible number of keywords on the topic, in the Scopus and Web of Science. Forty-five publications were found meeting the pre-established criteria that served as the basis for this research. Based on the literature review, we list the main information on the subject and we also propose a theoretical model for analyzing the market risks of agricultural derivatives. Still, it was possible to notice that among the methodologies for measuring market risk, Value at Risk (VaR) stands out. We exemplify and demonstrate the existence of several statistical analyses and mathematical models, as well as software available for the management of price risks. It is concluded that strategies with the futures and options market, even though they are the most efficient for risk management, lack incentives to become practical.


2018 ◽  
Vol 38 (2) ◽  
pp. 372-389 ◽  
Author(s):  
Dong-Wook Kwak ◽  
Vasco Sanchez Rodrigues ◽  
Robert Mason ◽  
Stephen Pettit ◽  
Anthony Beresford

Purpose: International supply chains can be severely disrupted by failures in international logistics processes. Therefore, an understanding of international logistics risks, or causes of failure, how these may interact with each other and how they can be mitigated are imperatives for the smooth operation of international supply chains. The purpose of this paper is to specifically investigate the interactions between international logistics risks within the prevailing structures of international supply chains and highlight how these risks may be inter-connected and amplified. A new dynamic supply chain logistics risk analysis model is proposed which is novel as it provides a holistic understanding of the risk event interactivity. Design/methodology/approach: The paper applies interpretive structural modelling to data collected from a survey of leading supply chain practitioners, in order to analyse their perspectives of risk elements and interactions. The risk elements and their contextual relationship were derived empirically through the use of focus groups and subsequent Delphi study. The two stages of the research rely on experts’ views on risk events and clusters and the level of interactions among those clusters. Findings: A key finding of this research is that supply chain practitioners’ perception of risk consists of four inter-connected levels: value streams risks; information and relationship risks; risks in international supply chain activities; and external environment. In particular, since level 2 risk creates feedback loops of risks, risk management at level 2 can dampen the amplification effect and the strength of the interactions. Practical implications: Several managerial implications are drawn. First, the research guides managers in the identification and evaluation of risk events which can impact the performance of their international logistics supply chain operations. Second, evidence is presented that supports the proposition that the relationships with trading partners and LSPs, and the degree of logistics information exchange, are critical to prevent, or at least mitigate, logistics risks which can substantially affect the responsiveness of the international supply chain. Originality/value: The main contribution to knowledge that this study offers to the literature on supply chain risk management is the development of a supply chain logistics risk analysis model which includes both risk elements and interactions. The research demonstrates the importance of taking into account risk interactions in the process of identification and evaluation of risk events.


2021 ◽  
Author(s):  
Naveen Kunnathuvalappil Hariharan

Cyber-attacks on critical infrastructure, as well as the possibility of cyber-terrorism and even cyberwarfare, pose a threat to societies on a larger scale. Stakeholders are vulnerable to information theft, service disruptions, privacy and identity theft, fraud, espionage and sabotage. This article provides a brief overview of risk management, with a particular emphasis on cyber security and cyber-risk assessment. This article provides an overview of risk management, with a particular emphasis on cyber security detection, prevention, and mitigation techniques. We showed how organizations could mitigate their cyber risk with careful management.


2019 ◽  
Vol 16 (6) ◽  
pp. 60-77
Author(s):  
E. V. Vasilieva ◽  
T. V. Gaibova

This paper describes the method of project risk analysis based on design thinking and explores the possibility of its application for industrial investment projects. Traditional and suggested approaches to project risk management have been compared. Several risk analysis artifacts have been added to the standard list of artifacts. An iterative procedure for the formation of risk analysis artifacts has been developed, with the purpose of integrating the risk management process into strategic and prompt decision-making during project management. A list of tools at each stage of design thinking for risk management within the framework of real investment projects has been proposed. The suggested technology helps to determine project objectives and content and adapt them in regards to possible; as well as to implement measures aimed at reducing these risks, to increase productivity of the existing risk assessment and risk management tools, to organize effective cooperation between project team members, and to promote accumulation of knowledge about the project during its development and implementation. The authors declare no conflict of interest.


2018 ◽  
pp. 135-155 ◽  
Author(s):  
Chiara Crovini ◽  
Giovanni Ossola ◽  
Pier Luigi Marchini