Automated Cyber and Privacy Risk Management Toolkit

Sensors ◽  
2021 ◽  
Vol 21 (16) ◽  
pp. 5493
Author(s):  
Gustavo Gonzalez-Granadillo ◽  
Sofia Anna Menesidou ◽  
Dimitrios Papamartzivanos ◽  
Ramon Romeu ◽  
Diana Navarro-Llobet ◽  
...  

Addressing cyber and privacy risks has never been more critical for organisations. While a number of risk assessment methodologies and software tools are available, it is most often the case that one must, at least, integrate them into a holistic approach that combines several appropriate risk sources as input to risk mitigation tools. In addition, cyber risk assessment primarily investigates cyber risks as the consequence of vulnerabilities and threats that threaten assets of the investigated infrastructure. In fact, cyber risk assessment is decoupled from privacy impact assessment, which aims to detect privacy-specific threats and assess the degree of compliance with data protection legislation. Furthermore, a Privacy Impact Assessment (PIA) is conducted in a proactive manner during the design phase of a system, combining processing activities and their inter-dependencies with assets, vulnerabilities, real-time threats and Personally Identifiable Information (PII) that may occur during the dynamic life-cycle of systems. In this paper, we propose a cyber and privacy risk management toolkit, called AMBIENT (Automated Cyber and Privacy Risk Management Toolkit) that addresses the above challenges by implementing and integrating three distinct software tools. AMBIENT not only assesses cyber and privacy risks in a thorough and automated manner but it also offers decision-support capabilities, to recommend optimal safeguards using the well-known repository of the Center for Internet Security (CIS) Controls. To the best of our knowledge, AMBIENT is the first toolkit in the academic literature that brings together the aforementioned capabilities. To demonstrate its use, we have created a case scenario based on information about cyber attacks we have received from a healthcare organisation, as a reference sector that faces critical cyber and privacy threats.

2020 ◽  
Vol 2 (2) ◽  
Author(s):  
Petar Radanliev ◽  
David C. De Roure ◽  
Jason R. C. Nurse ◽  
Rafael Mantilla Montalvo ◽  
Stacy Cannady ◽  
...  

Abstract. In this research article, we explore the use of a design process for adapting existing cyber risk assessment standards to allow the calculation of economic impact from IoT cyber risk. The paper presents a new model that includes a design process with new risk assessment vectors, specific for IoT cyber risk. To design new risk assessment vectors for IoT, the study applied a range of methodologies, including literature review, empirical study and comparative study, followed by theoretical analysis and grounded theory. An epistemological framework emerges from applying the constructivist grounded theory methodology to draw on knowledge from existing cyber risk frameworks, models and methodologies. This framework presents the current gaps in cyber risk standards and policies, and defines the design principles of future cyber risk impact assessment. The core contribution of the article, therefore, is the presentation of a new model for impact assessment of IoT cyber risk.


2021 ◽  
Vol 13 (2) ◽  
pp. 30
Author(s):  
Dimitrios Papamartzivanos ◽  
Sofia Anna Menesidou ◽  
Panagiotis Gouvas ◽  
Thanassis Giannetsos

As the upsurge of information and communication technologies has become the foundation of all modern application domains, fueled by the unprecedented amount of data being processed and exchanged, besides security concerns, there are also pressing privacy considerations that come into play. Compounding this issue, there is currently a documented gap between the cybersecurity and privacy risk assessment (RA) avenues, which are treated as distinct management processes and capitalise on rather rigid and make-like approaches. In this paper, we aim to combine the best of both worlds by proposing the APSIA (Automated Privacy and Security Impact Assessment) methodology. APSIA is powered by the use of interdependency graph models and data processing flows used to create a digital reflection of the cyber-physical environment of an organisation. Along with this model, we present a novel and extensible privacy risk scoring system for quantifying the privacy impact triggered by the identified vulnerabilities of the ICT infrastructure of an organisation. We provide a prototype implementation and demonstrate its applicability and efficacy through a specific case study in the context of a heavily regulated sector (i.e., the assistive healthcare domain), where strict security and privacy considerations are not only expected but mandated, so as to better showcase the beneficial characteristics of APSIA. Our approach can complement any existing security-based RA tool and provide the means to conduct an enhanced, dynamic and generic assessment as an integral part of an iterative and unified risk assessment process on-the-fly. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that such holistic security and privacy mechanisms can reach their full potential towards solving this conundrum.


Machines ◽  
2021 ◽  
Vol 9 (4) ◽  
pp. 78
Author(s):  
Maxim Kalinin ◽  
Vasiliy Krundyshev ◽  
Peter Zegzhda

The article is devoted to cybersecurity risk assessment of the dynamic device-to-device networks of a smart city. Analysis of the modern security threats at the IoT/IIoT, VANET, and WSN inter-device infrastructures demonstrates that the main concern is a set of network security threats targeted at the functional sustainability of smart urban infrastructure, the most common use case of smart networks. As a result of our study, systematization of the existing cybersecurity risk assessment methods has been provided. Expert-based risk assessment and active human participation cannot be provided for the huge, complex, and permanently changing digital environment of the smart city. The methods of scenario analysis and functional analysis are specific to industrial risk management and are hardly adaptable to solving cybersecurity tasks. The statistical risk evaluation methods force us to collect statistical data for the calculation of the security indicators for the self-organizing networks, and the accuracy of this method depends on the number of calculating iterations. In our work, we have proposed a new approach for cybersecurity risk management based on object typing, data mining, and quantitative risk assessment for the smart city infrastructure. The experimental study has shown us that the artificial neural network allows us to automatically, unambiguously, and reasonably assess the cyber risk for various object types in the dynamic digital infrastructures of the smart city.


Author(s):  
Aniwat Hemanidhi ◽  
Sanon Chimmanee

Information Technology (IT) Risk Management is designed to confirm the sufficiency of information security. There are many risk management/assessment standards, e.g. ISO 27005:2011 and NIST SP 800-30rev1, which are mainly designed for general organizations such as governments or businesses. Cyber risk assessment focused on military strategy has rarely been studied. Hence, this paper presents an innovative cyber risk assessment conceptual framework named “Cyber Risk Assessment (CRA)”, which is extended from previous work on Military Risk Evaluation (MRE). The proposed CRA is the collection and integration of both quantitative and qualitative data. The Vulnerability Detection (VD) tools in Network Risk Evaluation (the previous studies) were used for quantitative data collection, and the focus group in the MRE (the proposed method) was used to collect qualitative data; together they enhance the general risk assessment standard to achieve the objective of the research. The complexity of cyberspace domains from a military perspective is thoughtfully incorporated into the cyber risk assessment for national cyber security. Results of the proposed framework enable cyber risk evaluation to be expressed as a score for national cyber security planning.


Author(s):  
Petar Radanliev ◽  
David De Roure ◽  
Jason R.C. Nurse ◽  
Razvan Nicolescu ◽  
Michael Huth ◽  
...  

We present an updated design process for adapting and integrating existing cyber risk assessment approaches for impact assessment for the risk from IoT to the digital economy. The new design process includes a set of changes to the original standards (e.g. NIST) that are adapted for the IoT cyber risk in this paper. This paper also presents a new framework for impact assessment of IoT cyber risk, specific for the digital economy.


Author(s):  
Petar Radanliev ◽  
David Charles De Roure ◽  
Carsten Maple ◽  
Jason R.C. Nurse ◽  
Razvan Nicolescu ◽  
...  

In this paper we present an understanding of cyber risks in the Internet of Things (IoT); we explain why it is important to understand what IoT cyber risks are and how we can use risk assessment and risk management approaches to deal with these challenges. We introduce the most effective ways of doing risk assessment and risk management of IoT risk. As part of our research, we also developed methodologies to assess and manage risk in this emerging environment. This paper will take you through our research and we will explain: what we mean by the IoT; what we mean by risk and risk in the IoT; why risk assessment and risk management are important; the IoT risk management for incident response and recovery; and what open questions on IoT risk assessment and risk management remain.


Author(s):  
Cyril Onwubiko

The challenges organisations face in managing privacy risks are numerous, and inherently diverse. Traditionally, organisations focused on addressing the business and security requirements of a project, but more recently, privacy impact assessment has become an essential part of the risk management regime for most projects. Significant efforts are now directed toward providing appropriate guidance on how to conduct privacy impact assessments. Appropriate assessment of privacy-invasive technologies, justification for the project, collection and handling of personally identifiable data, and compliance with privacy legislation pose enormous challenges to carrying out appropriate privacy impact assessments. In this chapter, guidance on how to assess privacy risks of both new and in-service projects is provided. Further, lessons learned from managing privacy risks of new and in-service projects resulting from aggregation, collection, sharing, handling and transportation of personally identifiable information are discussed.


Author(s):  
Petar Radanliev ◽  
Dave De Roure ◽  
Jason R.C. Nurse ◽  
Razvan Nicolescu ◽  
Michael Huth ◽  
...  

We present an updated design process for adapting and integrating existing cyber risk assessment approaches for impact assessment for the risk from IoT to the digital economy. The new design process includes a set of changes to the original standards (e.g. NIST) that are adapted for the IoT cyber risk in this paper. This paper also presents a new framework for impact assessment of IoT cyber risk, specific for the digital economy.


2014 ◽  
Vol 14 (8) ◽  
pp. 2289-2312 ◽  
Author(s):  
C. Scaini ◽  
S. Biass ◽  
A. Galderisi ◽  
C. Bonadonna ◽  
A. Folch ◽  
...  

Abstract. We perform a multi-scale impact assessment of tephra fallout and dispersal from explosive volcanic activity in Iceland. A companion paper (Biass et al., 2014; "A multi-scale risk assessment of tephra fallout and airborne concentration from multiple Icelandic volcanoes – Part I: hazard assessment") introduces a multi-scale probabilistic assessment of tephra hazard based on selected eruptive scenarios at four Icelandic volcanoes (Hekla, Askja, Eyjafjallajökull and Katla) and presents probabilistic hazard maps for tephra accumulation in Iceland and tephra dispersal across Europe. Here, we present the associated vulnerability and impact assessment that describes the importance of single features at national and European levels and considers several vulnerability indicators for tephra dispersal and deposition. At the national scale, we focus on physical, systemic and economic vulnerability of Iceland to tephra fallout, whereas at the European scale we focus on the systemic vulnerability of the air traffic system to tephra dispersal. This is the first vulnerability and impact assessment analysis of this type and, although it does not include all the aspects of physical and systemic vulnerability, it allows for identifying areas on which further specific analysis should be performed. Results include vulnerability maps for Iceland and European airspace and allow for the qualitative identification of the impacts at both scales in the case of an eruption occurring. Maps produced at the national scale show that tephra accumulation associated with all eruptive scenarios considered can disrupt the main electricity network, in particular in relation to an eruption of Askja. Results also show that several power plants would be affected if an eruption occurred at Hekla, Askja or Katla, causing a substantial systemic impact due to their importance for the Icelandic economy. 
Moreover, the Askja and Katla eruptive scenarios considered could have substantial impacts on agricultural activities (crops and pastures). At the European scale, eruptive scenarios at Askja and Katla are likely to affect European airspace, having substantial impacts, in particular, in the Keflavík and London flight information regions (FIRs), but also at FIRs above France, Germany and Scandinavia. Impacts would be particularly intense in the case of long-lasting activity at Katla. The occurrence of eruptive scenarios at Hekla is likely to produce high impacts at Keflavík FIR and London FIRs, and, in the case of higher magnitude, can also impact France's FIRs. Results could support land use and emergency planning at the national level and risk management strategies of the European air traffic system. Although we focus on Iceland, the proposed methodology could be applied to other active volcanic areas, enhancing the long-term tephra risk management. Moreover, the outcomes of this work pose the basis for quantitative analyses of expected impacts and their integration in a multi-risk framework.