Cyber Risk impact Assessment - Assessing the Risk from the IoT to the Digital Economy

Author(s):  
Petar Radanliev ◽  
David De Roure ◽  
Jason R.C. Nurse ◽  
Razvan Nicolescu ◽  
Michael Huth ◽  
...  

We present an updated design process for adapting and integrating existing cyber risk assessment approaches for impact assessment for the risk from IoT to the digital economy. The new design process includes a set of changes to the original standards (e.g. NIST) that are adapted for the IoT cyber risk in this paper. This paper also presents a new framework for impact assessment of IoT cyber risk, specific for the digital economy.


2020 ◽  
Vol 2 (2) ◽  
Author(s):  
Petar Radanliev ◽  
David C. De Roure ◽  
Jason R. C. Nurse ◽  
Rafael Mantilla Montalvo ◽  
Stacy Cannady ◽  
...  

In this research article, we explore the use of a design process for adapting existing cyber risk assessment standards to allow the calculation of economic impact from IoT cyber risk. The paper presents a new model that includes a design process with new risk assessment vectors, specific for IoT cyber risk. To design new risk assessment vectors for IoT, the study applied a range of methodologies, including literature review, empirical study and comparative study, followed by theoretical analysis and grounded theory. An epistemological framework emerges from applying the constructivist grounded theory methodology to draw on knowledge from existing cyber risk frameworks, models and methodologies. This framework presents the current gaps in cyber risk standards and policies, and defines the design principles of future cyber risk impact assessment. The core contribution of the article, therefore, is the presentation of a new model for impact assessment of IoT cyber risk.


Sensors ◽  
2021 ◽  
Vol 21 (16) ◽  
pp. 5493
Author(s):  
Gustavo Gonzalez-Granadillo ◽  
Sofia Anna Menesidou ◽  
Dimitrios Papamartzivanos ◽  
Ramon Romeu ◽  
Diana Navarro-Llobet ◽  
...  

Addressing cyber and privacy risks has never been more critical for organisations. While a number of risk assessment methodologies and software tools are available, it is most often the case that one must, at least, integrate them into a holistic approach that combines several appropriate risk sources as input to risk mitigation tools. In addition, cyber risk assessment primarily investigates cyber risks as the consequence of vulnerabilities and threats that threaten assets of the investigated infrastructure. In fact, cyber risk assessment is decoupled from privacy impact assessment, which aims to detect privacy-specific threats and assess the degree of compliance with data protection legislation. Furthermore, a Privacy Impact Assessment (PIA) is conducted in a proactive manner during the design phase of a system, combining processing activities and their inter-dependencies with assets, vulnerabilities, real-time threats and Personally Identifiable Information (PII) that may occur during the dynamic life-cycle of systems. In this paper, we propose a cyber and privacy risk management toolkit, called AMBIENT (Automated Cyber and Privacy Risk Management Toolkit) that addresses the above challenges by implementing and integrating three distinct software tools. AMBIENT not only assesses cyber and privacy risks in a thorough and automated manner but it also offers decision-support capabilities, to recommend optimal safeguards using the well-known repository of the Center for Internet Security (CIS) Controls. To the best of our knowledge, AMBIENT is the first toolkit in the academic literature that brings together the aforementioned capabilities. To demonstrate its use, we have created a case scenario based on information about cyber attacks we have received from a healthcare organisation, as a reference sector that faces critical cyber and privacy threats.


Author(s):  
Petar Radanliev ◽  
David Charles De Roure ◽  
Jason R.C. Nurse ◽  
Pete Burnap ◽  
Eirini Anthi ◽  
...  

The Internet-of-Things (IoT) enables enterprises to obtain profits from data but triggers data protection questions and new types of cyber risk. Cyber risk regulations for the IoT, however, do not exist. The IoT risk is not included in the cyber security assessment standards and hence is often not visible to cyber security experts. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of their IoT cyber security posture. The outcome of such a self-assessment needs to define a current and target state, prior to creating a transformation roadmap outlining tasks to achieve the stated target state. In this article, a comparative empirical analysis is performed of multiple cyber risk assessment approaches, to define a high-level potential target state for companies integrating IoT devices and/or services. Defining a high-level potential target state is followed by a high-level transformation roadmap, describing how companies can achieve their target state, based on their current state. The transformation roadmap is used to adapt IoT risk impact assessment with a Goal-Oriented Approach and the Internet of Things Micro Mart model. The main contributions from this paper are a transformation roadmap for standardisation of IoT risk impact assessment, and transformation design imperatives describing how IoT companies can achieve their target state based on their current state with a Goal-Oriented approach, verified by epistemological analysis defining a unified cyber risk assessment approach. These can be used for calculating the economic impact of cyber risk; for an international cyber risk assessment approach; for quantifying cyber risk; and for planning for the impact of cyber-attacks, e.g. cyber insurance. The new methods presented in this paper for applying the roadmap include: IoT Risk Analysis through Functional Dependency; Network-based Linear Dependency Modelling; IoT risk impact assessment with a Goal-Oriented Approach; and a correlation between the Goal-Oriented Approach and the IoTMM model.


Author(s):  
Petar Radanliev ◽  
David De Roure ◽  
Pete Burnap ◽  
Omar Santos

The Internet-of-Things (IoT) triggers data protection questions and new types of cyber risks. Cyber risk regulations for the IoT, however, are still in their infancy. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of their IoT cyber security posture. At present, there are no self-assessment methods for quantifying IoT cyber risk posture. It is considered that IoT represents a complex system with too many uncontrollable risk states for quantitative risk assessment. To enable quantitative risk assessment of uncontrollable risk states in complex and coupled IoT systems, a new epistemological equation is designed and tested through comparative and empirical analysis. The comparative analysis is conducted on national digital strategies, followed by an empirical analysis of cyber risk assessment approaches. The results from the analysis present the current and a target state for IoT systems, followed by a transformation roadmap, describing how IoT systems can achieve the target state with a new epistemological analysis model. The new epistemological analysis approach enables the assessment of uncontrollable risk states in complex IoT systems, which begin to resemble artificial intelligence, and can be used for a quantitative self-assessment of IoT cyber risk posture.


2021 ◽  
Vol 9 (6) ◽  
pp. 565
Author(s):  
Yunja Yoo ◽  
Han-Seon Park

The International Maritime Organization (IMO) published the Guidelines on Maritime Cyber Risk Management in 2017 to strengthen cybersecurity in consideration of digitalized ships. As part of these guidelines, the IMO recommends that each flag state should integrate and manage matters regarding cyber risk in the ship safety management system (SMS) according to the International Safety Management Code (ISM Code) before the first annual verification that takes place on or after 1 January 2021. The purpose of this paper is to identify cybersecurity risk components in the maritime sector that should be managed by the SMS in 2021 and to derive priorities for vulnerability improvement plans through itemized risk assessment. To this end, qualitative risk assessment (RA) was carried out for administrative, technical, and physical security risk components based on industry and international standards, which were additionally presented in the IMO guidelines. Based on the risk matrix from the RA analysis results, a survey on improving cybersecurity vulnerabilities in the maritime sector was conducted, and the analytic hierarchy process was used to analyze the results and derive improvement plan priority measures.
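The abstract above describes a two-stage method (a qualitative risk matrix for administrative, technical and physical components, then the analytic hierarchy process to rank improvement plans) without showing the mechanics. The following is an added example written for this page, not code from Yoo and Park's paper or from any project it cites. It scores constructed risk components on a 5x5 likelihood-by-impact matrix, then computes AHP priorities for three hypothetical improvement plans from pairwise judgments on Saaty's 1-9 scale, including the consistency ratio that tells you whether the survey answers are coherent enough to act on. The component names, scores, plan names and judgments are constructed; the band boundaries of the risk matrix are an assumption, and the random-index table is the standard AHP one.

```python
"""Risk-matrix scoring plus AHP prioritisation of cybersecurity improvement plans.

Added example for this page, not code from Yoo and Park's paper. The risk
components, their likelihood/impact scores, the improvement plans and the
pairwise judgments are constructed for illustration. The 5x5 band boundaries
are an assumed convention; the 1-9 judgment scale and the random-index table
follow Saaty's AHP.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Saaty's random consistency index for reciprocal matrices of order 1..10.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}
CR_THRESHOLD = 0.10  # judgments with CR above this are normally re-elicited


@dataclass(frozen=True)
class RiskComponent:
    name: str
    domain: str        # "administrative", "technical" or "physical"
    likelihood: int    # 1 (rare) .. 5 (almost certain)
    impact: int        # 1 (negligible) .. 5 (catastrophic)


def risk_score(c: RiskComponent) -> int:
    """Likelihood x impact on a 5x5 matrix; rejects out-of-range inputs."""
    if not (1 <= c.likelihood <= 5 and 1 <= c.impact <= 5):
        raise ValueError(f"{c.name}: likelihood and impact must be in 1..5")
    return c.likelihood * c.impact


def risk_level(score: int) -> str:
    """Assumed band boundaries for the 5x5 matrix (not from the paper)."""
    if score <= 4:
        return "Low"
    if score <= 9:
        return "Medium"
    if score <= 16:
        return "High"
    return "Critical"


def rank_components(components: List[RiskComponent]) -> List[Tuple[str, int, str]]:
    """Return (name, score, level) tuples sorted by descending score."""
    rows = [(c.name, risk_score(c), risk_level(risk_score(c))) for c in components]
    return sorted(rows, key=lambda r: r[1], reverse=True)


def pairwise_matrix(n: int, judgments: Dict[Tuple[int, int], float]) -> List[List[float]]:
    """Expand upper-triangular judgments a[i][j] (i < j) into a full reciprocal matrix."""
    a = [[1.0] * n for _ in range(n)]
    for (i, j), v in judgments.items():
        if not (0 <= i < j < n):
            raise ValueError(f"judgment index {(i, j)} must satisfy 0 <= i < j < {n}")
        if not (1 / 9 <= v <= 9):
            raise ValueError(f"judgment {(i, j)}={v} is outside Saaty's 1/9..9 scale")
        a[i][j] = float(v)
        a[j][i] = 1.0 / v
    return a


def ahp_priorities(a: List[List[float]], iterations: int = 200) -> Tuple[List[float], float, float]:
    """Principal eigenvector by power iteration; returns (weights, lambda_max, CR)."""
    n = len(a)
    if n not in RANDOM_INDEX:
        raise ValueError("random index is tabulated for n = 1..10 only")
    w = [1.0 / n] * n
    for _ in range(iterations):
        aw = [sum(a[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(aw)
        w = [x / total for x in aw]          # normalise so the weights sum to 1
    # At convergence A w = lambda_max w and sum(w) == 1, so lambda_max == sum(A w).
    lam = sum(sum(a[i][j] * w[j] for j in range(n)) for i in range(n))
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    cr = ci / RANDOM_INDEX[n] if RANDOM_INDEX[n] > 0 else 0.0
    return w, lam, cr


def prioritise_plans(plans: List[str], judgments: Dict[Tuple[int, int], float]) -> List[Tuple[str, float]]:
    """Rank improvement plans by AHP weight, refusing judgments that are too inconsistent."""
    w, _, cr = ahp_priorities(pairwise_matrix(len(plans), judgments))
    if cr > CR_THRESHOLD:
        raise ValueError(f"inconsistent judgments: CR={cr:.3f} exceeds {CR_THRESHOLD}")
    return sorted(zip(plans, w), key=lambda p: p[1], reverse=True)


# Constructed sample input: four risk components from the three security domains ...
COMPONENTS = [
    RiskComponent("Unpatched ECDIS workstation", "technical", 4, 5),
    RiskComponent("Unrestricted USB ports on the bridge", "physical", 4, 3),
    RiskComponent("Shared crew credentials on the ship network", "administrative", 3, 4),
    RiskComponent("No cyber procedures in the SMS", "administrative", 3, 3),
]
# ... and three hypothetical improvement plans with hypothetical survey judgments:
# plan 0 is "moderately more important" (3) than plan 1 and "strongly" (5) than plan 2.
PLANS = ["Patch and segment OT systems", "Lock down physical ports", "Add cyber procedures to the SMS"]
JUDGMENTS = {(0, 1): 3.0, (0, 2): 5.0, (1, 2): 3.0}

if __name__ == "__main__":
    for name, score, level in rank_components(COMPONENTS):
        print(f"{score:2d} {level:8s} {name}")
    for plan, weight in prioritise_plans(PLANS, JUDGMENTS):
        print(f"{weight:.3f} {plan}")
```

The consistency check is the part worth keeping in any survey-driven prioritisation: a set of answers that rates A over B, B over C, and C over A still yields a weight vector, but its CR will be far above 0.10 and the ranking is noise. Gating on CR before publishing priorities is cheap and avoids building a remediation roadmap on incoherent input.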

