Analysis of methods for assessing and managing cyber risks and information security

Radiotekhnika ◽  
2021 ◽  
pp. 5-24
Author(s):  
O. Potii ◽  
Y. Gorbenko ◽  
O. Zamula ◽  
K. Isirova

Global trends to increase the threats to information and cybersecurity, increasing the level of vulnerability of information and telecommunications systems (ITS) necessitate the development and implementation of new standards and regulations on information security, the introduction of new technologies and best practices in information security. The main approach to information and cybersecurity in ITS is the Risk-Based Protection Strategy. The main task of information risk management (IR) is to identify and assess objectively the most significant risks for the company's business, as well as the need to use risk controls to increase the efficiency and profitability of the company's economic activities. It is believed that quality risk management allows you to use the optimal efficiency and cost of risk control and information protection measures, adequate to the current goals and objectives of the company's business. The paper presents results of solving the current problem of finding optimal methods for assessing the risks of information and cybersecurity. Criteria for selecting the best methods of risk assessment are proposed. The analysis of known methods of risk assessment for compliance with these criteria is performed. Proposals have been formulated to create promising methods for risk assessment; their application to modern information security management systems, especially those designed for critical infrastructure, will most effectively address the problems of information and cybersecurity, as well as privacy.

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Ana Faizi ◽  
Ali Padyab ◽  
Andreas Naess

Purpose: This study aims to address the issue of practicing information security risk assessment (ISRA) on cloud solutions by studying municipalities and large organizations in Sweden.
Design/methodology/approach: Four large organizations and five municipalities that use cloud services and conduct ISRA to adhere to their information security risk management practices were studied. Data were gathered qualitatively to answer the study’s research question: How is ISRA practiced on the cloud? The Coat Hanger model was used as a theoretical lens to study and theorize the practices.
Findings: The results showed that the organizations aimed to follow the guidelines, in the form of frameworks or their own experience, to conduct ISRA; furthermore, the frameworks were altered to fit the organizations’ needs. The results further indicated that one of the main concerns with the cloud ISRA was the absence of a culture that integrates risk management. Finally, the findings also stressed the importance of a good understanding and a well-written legal contract between the cloud providers and the organizations using the cloud services.
Originality/value: As opposed to the previous research, which was more inclined to try out and evaluate various cloud ISRA, the study provides insights into the practice of cloud ISRA experienced by the organizations. This study represents the first attempt to investigate cloud ISRA that organizations practice in managing their information security.


2012 ◽  
Vol 10 (4) ◽  
pp. 265 ◽  
Author(s):  
Robert O. Schneider, PhD

This analysis examines the perceived lag in the policy process with respect to risk assessment and risk management in relationship to the development of new technologies that have the potential to create new threats to public health and safety. Hydraulic fracturing and the ongoing revolution in natural gas exploration make an excellent case study of the difficulties that inevitably arise, are difficult to resolve, and that expand threats to public health and safety when policy makers do not prioritize risk assessment and risk management until the negative impacts or potential harms of previous decisions are felt. The analysis begins with a description of the hydraulic fracturing revolution and a discussion of the potential risks associated with it. This will include some of the preliminary scientific work on the subject. The analysis will highlight concerns that timely assessment and management of these risks is often frustrated by the policy process itself. In essence, the conclusion reached is that significant improvements in the timely assessing and managing the risks associated with technological advances require policy makers to emulate the emergency management profession in elevating risk assessment and risk management to the level of a first priority in the policy process.


2020 ◽  
pp. 33-46
Author(s):  
Janusz Zawiła-Niedźwiecki ◽  
Anna Kosieradzka ◽  
Grzegorz Kunikowski ◽  
Katarzyna Rostek

Technical reliability as an inspiration for operational risk management and public crisis management

The theory of reliability is an important inspiration of social science in operational risk management and public crisis management. The article provides a new approach to public crisis management, used in national methodologies: risk assessment in the protection of critical infrastructure of the state as well as civil and rescue planning.


Informatica ◽  
2019 ◽  
Vol 30 (1) ◽  
pp. 187-211 ◽  
Author(s):  
Zenonas Turskis ◽  
Nikolaj Goranin ◽  
Assel Nurusheva ◽  
Seilkhan Boranbayev

2020 ◽  
Vol 3 (1) ◽  
Author(s):  
Silvana Tomić Rotim

The article describes the phases of implementing the necessary measures according to the Cybersecurity Regulation for critical infrastructure and the ISO 27032 standard. As a base for identification of the necessary measures in a transport organization, the risk assessment has been done. The Risk Management Methodology has been described as well as the results of the risk assessment. The main aspects of risk treatment with the most suitable measures for cyber risks are identified. Also, as a very important aspect of protecting critical transport infrastructure, we have identified the critical services and prepared business continuity plans. The main steps and results in providing the acceptable level of availability and opportunities for continuity are presented and explained.


Author(s):  
Murray Eugene Jennex ◽  
Alexandra Durcikova

Knowledge is the most important asset that a company can have. Thus, it is imperative that this asset is safeguarded just like generic information assets. However, knowledge management (KM) and knowledge systems are different than traditional information systems with different threats and different operational requirements. Information security professionals recognize that risk assessment is the cornerstone to information security. The authors build on this perspective and propose that risk assessment techniques need to be applied to KM too to properly safeguard this asset. They discuss risk assessment frameworks and build on a KM/knowledge system specific risk assessment framework with a step-by-step guideline for KM/knowledge system specific threat assessment.


2019 ◽  
Vol 214 ◽  
pp. 03041
Author(s):  
Hannah Short ◽  
David Kelsey ◽  
Romain Wartel ◽  
David Groep ◽  
Urpo Kaila ◽  
...  

As most are fully aware, cybersecurity attacks are an ever-growing problem as larger parts of our lives take place on-line. Distributed digital infrastructures are no exception and action must be taken to both reduce the security risk and to handle security incidents when they inevitably happen. These activities are carried out by the various research infrastructures and it has become very clear in recent years that collaboration with others both helps to improve the security and to work more efficiently. The Wise Information Security for Collaborating e-Infrastructures (WISE) community provides a trusted framework where security experts can share information on topics such as risk management, experiences about certification processes and threat intelligence. With participants from multiple large scale Infrastructures, WISE focuses on standards, guidelines and practices, and promotes the protection of critical infrastructure. To date WISE has published two documents; a risk management template and a second version of the SCI framework, endorsed by multiple large-scale infrastructures. In 2018 WISE began work on new areas of relevance to the High Energy Physics community, including a focus on operational security and incident response for interoperating infrastructures. We present an overview of the available WISE recommendations, future work and how WISE brings benefits to the High Energy Physics community.


2017 ◽  
Vol 4 (1) ◽  
pp. 62-66
Author(s):  
Luyen Ha Nam

From a long, long time ago until nowadays, information still takes a serious position for all aspects of life, from individual to organization. In ABC company information is somewhat very sensitive, very important. But how do we keep our information safe? Well, we have many ways to do that: in a hard drive, removable disc etc. With other organizations, they even have a data centre to save their information. The objective of information security is to keep information safe from unwanted access. We applied the Risk Mitigation Action framework on our data management system and after several months we have a result far better than before we used it: information more secure, quickly detect incidents, improve internal and external collaboration etc.

