Cyber Threat Actors for the Factory of the Future

The increasing degree of connectivity in factory of the future (FoF) environments, with systems that were never designed for a networked environment in terms of their technical security nature, is accompanied by a number of security risks that must be considered. This leads to the necessity of relying on risk assessment-based approaches to reach a sufficiently mature cyber security management level. However, the lack of common definitions of cyber threat actors (CTA) poses challenges in untested environments such as the FoF. This paper analyses policy papers and reports from expert organizations to identify common definitions of CTAs. A significant consensus exists only on two common CTAs, while other CTAs are often either ignored or overestimated in their importance. The identified motivations of CTAs are contrasted with the specific characteristics of FoF environments to determine the most likely CTAs targeting FoF environments. Special emphasis is given to corporate competitors, as FoF environments probably provide better opportunities than ever for industrial espionage if they are not sufficiently secured. In this context, the study aims to draw attention to the research gaps in this area.

Download Full-text

Current issues of cyber threat risk assessment: analysis of foreign experience

INFORMATION AND LAW ◽

10.37750/2616-6798.2021.4(39).248824 ◽

2021 ◽

pp. 106-112

Author(s):

O. РАNСНENKO

Keyword(s):

Risk Assessment ◽

Cyber Security ◽

Threat Assessment ◽

Security Strategy ◽

Basic Principles ◽

Assessment Systems ◽

Cyber Threat ◽

Multi Level ◽

National Systems ◽

Local Levels

The article considers topical issues of cyber threat risk assessment. It contains an analysis of the Law “On Basic Principles for providing of Cyber Security of Ukraine”, the Cyber Security Strategy of Ukraine and other legislative acts for providing on cyber security. The main approaches to determining the assessment of cyber threats are considered. The best examples of foreign practice of cyber threat risk assessment are analyzed, the most effective national systems of their assessment are revealed. It is concluded that multi-level risk and threat assessment systems are most effective when the relevant analysis is conducted at both the national and regional and/or local levels.

Download Full-text

The Effects of Cyber-security Risks on Added Value of Consulting Services for IT-security Management Systems in Holding Companies

2020 International Conference Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS) ◽

10.1109/itqmis51053.2020.9322883 ◽

2020 ◽

Author(s):

Ilya I. Livshitz ◽

Pawel A. Lontsikh ◽

Natalya P. Lontsikh ◽

Elena Y. Golovina ◽

Olga M. Safonova

Keyword(s):

Cyber Security ◽

Security Management ◽

Added Value ◽

Management Systems ◽

It Security ◽

Security Risks ◽

Holding Companies ◽

Consulting Services

Download Full-text

Application of Bayesian network in risk assessment for website deployment scenarios

Journal of Science and Technology on Information security ◽

10.54654/isj.v14i2.209 ◽

2022 ◽

Vol 2 (14) ◽

pp. 3-16

Author(s):

Vu Thi Huong Giang ◽

Nguyen Manh Tuan

Keyword(s):

Risk Assessment ◽

Bayesian Network ◽

Cyber Security ◽

Rapid Development ◽

Cyber Attacks ◽

Security Risk ◽

Security Testing ◽

Security Risks ◽

Web Based ◽

Assessment Results

Abstract—The rapid development of web-based systems in the digital transformation era has led to a dramatic increase in the number and the severity of cyber-attacks. Current attack prevention solutions such as system monitoring, security testing and assessment are installed after the system has been deployed, thus requiring more cost and manpower. In that context, the need to assess cyber security risks before the deployment of web-based systems becomes increasingly urgent. This paper introduces a cyber security risk assessment mechanism for web-based systems before deployment. We use the Bayesian network to analyze and quantify the cyber security risks posed by threats to the deployment components of a website. First, the deployment components of potential website deployment scenarios are considered assets, so that their properties are mapped to specific vulnerabilities or threats. Next, the vulnerabilities or threats of each deployment component will be assessed according to the considered risk criteria in specific steps of a deployment process. The risk assessment results for deployment components are aggregated into the risk assessment results for their composed deployment scenario. Based on these results, administrators can compare and choose the least risky deployment scenario. Tóm tắt—Sự phát triển mạnh mẽ của các hệ thống trên nền tảng web trong công cuộc chuyển đổi số kéo theo sự gia tăng nhanh chóng về số lượng và mức độ nguy hiểm của các cuộc tấn công mạng. Các giải pháp phòng chống tấn công hiện nay như theo dõi hoạt động hệ thống, kiểm tra và đánh giá an toàn thông tin mạng được thực hiện khi hệ thống đã được triển khai, do đó đòi hỏi chi phí và nhân lực thực hiện lớn. Trong bối cảnh đó, nhu cầu đánh giá rủi ro an toàn thông tin mạng cho các hệ thống website trước khi triển khai thực tế trở nên cấp thiết. Bài báo này giới thiệu một cơ chế đánh giá rủi ro an toàn thông tin mạng cho các hệ thống website trước khi triển khai thực tế. Chúng tôi sử dụng mạng Bayes để phân tích và định lượng rủi ro về an toàn thông tin do các nguồn đe dọa khác nhau gây ra trên các thành phần triển khai của một website. Đầu tiên, các thành phần triển khai của các kịch bản triển khai website tiềm năng được mô hình hoá dưới dạng các tài sản, sao cho các thuộc tính của chúng đều được ánh xạ với các điểm yếu hoặc nguy cơ cụ thể. Tiếp đó, các điểm yếu, nguy cơ của từng thành phần triển khai sẽ được đánh giá theo các tiêu chí rủi ro đang xét tại mỗi thời điểm cụ thể trong quy trình triển khai. Kết quả đánh giá của các thành phần triển khai được tập hợp lại thành kết quả đánh giá hệ thống trong một kịch bản cụ thể. Căn cứ vào kết quả đánh giá rủi ro, người quản trị có thể so sánh các kịch bản triển khai tiềm năng với nhau để lựa chọn kịch bản triển khai ít rủi ro nhất.

Download Full-text

Building Better Decisions: Risk Assessment and the Future of Industrial Hygiene

The Synergist ◽

10.3320/1.2928485 ◽

1995 ◽

Vol 6 (10) ◽

pp. 14

Author(s):

Denise Marois

Keyword(s):

Risk Assessment ◽

Industrial Hygiene ◽

The Future

Download Full-text

Liquidity Gap Report for Stress Testing Structural Liquidity Risk

GIS Business ◽

10.26643/gis.v12i6.3313 ◽

2017 ◽

Vol 12 (6) ◽

pp. 43-53

Author(s):

Eugenia Schmitt

Keyword(s):

Risk Assessment ◽

Risk Evaluation ◽

Stress Testing ◽

Gap Analysis ◽

Liquidity Risk ◽

Methodological Basis ◽

Qualitative Risk Assessment ◽

The Future ◽

Liquidity Gap

The need to focus on banks funding structure and stress testing in an explicit way arose as a consequence of the crisis of past decades. Liquidity risks usually occur as a consequence of other kinds of risks, hence analysing scenarios in a prospective manner is essential for the assessment if the bank can fulfill its obligations as they come due and if its funding costs are appropriate. The structural liquidity risk and the degree of the liquidity mismatch can be measured based on the liquidity gap analysis, where expected cash-in- and outflows, divided in different time-buckets are depicted. The liquidity gap report (LGR) shows if a liquidity shortcoming appears in the future and how high is the amount a bank would have to pay, if any hedging were not possible. This paper shows how to build a comprehensive LGR which is the base for both, liquidity and wealth risk evaluation. To improve the accuracy of the forecast, the counterbalancing capacity will be incorporated into the LGR. This tool is a methodological basis for quantitative and qualitative risk assessment and stress testing.

Download Full-text