The Challenge of Adequately Defining Technical Risk

Chapter 2 investigates the risk and compliance conundrum as fundamental principles that better inform the governance of cyber security in organizations. Public cloud computing examples are used to highlight the deficiencies of legacy risk assessment methods, and also to provide a stark warning about using compliance mapping approaches instead of considered security control implementations. Ultimately, using blanket compliance frameworks does not necessarily improve security; on the contrary, it creates a vacuum that does not drill deep enough into the controls needed to safeguard cloud environments. This is particularly relevant since public cloud systems are connected to and accessed via the internet and are therefore exposed to external threats. This chapter explores the use of threat modelling to contextualize risks more accurately in order to mitigate them more effectively.

Author(s):  
Petar Radanliev ◽  
David Charles De Roure ◽  
Jason R.C. Nurse ◽  
Pete Burnap ◽  
Eirini Anthi ◽  
...  

The Internet-of-Things (IoT) enables enterprises to obtain profits from data but triggers data protection questions and new types of cyber risk. Cyber risk regulations for the IoT, however, do not exist. IoT risk is not included in the cyber security assessment standards and is therefore often not visible to cyber security experts. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of their IoT cyber security posture. The outcome of such a self-assessment needs to define a current and a target state, prior to creating a transformation roadmap outlining the tasks required to achieve the stated target state. In this article, a comparative empirical analysis of multiple cyber risk assessment approaches is performed to define a high-level potential target state for a company integrating IoT devices and/or services. The definition of a high-level potential target state is followed by a high-level transformation roadmap describing how a company can achieve its target state, based on its current state. The transformation roadmap is used to adapt IoT risk impact assessment with a Goal-Oriented Approach and the Internet of Things Micro Mart (IoTMM) model. The main contributions of this paper are a transformation roadmap for the standardisation of IoT risk impact assessment, and transformation design imperatives describing how IoT companies can achieve their target state based on their current state with a Goal-Oriented Approach, verified by an epistemological analysis that defines a unified cyber risk assessment approach. These can be used for calculating the economic impact of cyber risk; for an international cyber risk assessment approach; for quantifying cyber risk; and for planning for the impact of cyber-attacks, e.g. cyber insurance.
The new methods presented in this paper for applying the roadmap include: IoT Risk Analysis through Functional Dependency; Network-based Linear Dependency Modelling; IoT risk impact assessment with a Goal-Oriented Approach; and a correlation between the Goal-Oriented Approach and the IoTMM model.


Author(s):  
Dan Jerker B. Svantesson

Internet jurisdiction has emerged as one of the greatest and most urgent challenges online, severely affecting areas as diverse as e-commerce, data privacy, law enforcement, content take-downs, cloud computing, e-health, cyber security, intellectual property, freedom of speech, and cyberwar. In this innovative book, Professor Svantesson presents a vision for a new approach to Internet jurisdiction, for both private international law and public international law, based on sixteen years of research dedicated specifically to the topic. The book demonstrates that our current paradigm remains attached to a territorial thinking that is out of sync with our modern world, especially, but not only, online. Having made the claim that our adherence to the territoriality principle is based more on habit than on any clear and universally accepted legal principles, Professor Svantesson advances a new jurisprudential framework for how we approach jurisdiction. He also proposes several other reform initiatives, such as the concept of ‘investigative jurisdiction’ and an approach to geo-blocking, aimed at equipping us to solve the Internet jurisdiction puzzle. In addition, the book provides a history of Internet jurisdiction and challenges our traditional categorisation of different types of jurisdiction. It places Internet jurisdiction in a broader context and outlines methods for how to properly understand and work with rules of Internet jurisdiction. While Solving the Internet Puzzle paints a clear picture of the concerns involved and the problems that need to be overcome, this book is distinctly aimed at finding practical solutions anchored in a solid theoretical framework.


Author(s):  
Petar Radanliev ◽  
David De Roure ◽  
Pete Burnap ◽  
Omar Santos

Abstract. The Internet-of-Things (IoT) triggers data protection questions and new types of cyber risk. Cyber risk regulations for the IoT, however, are still in their infancy. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of their IoT cyber security posture. At present, there are no self-assessment methods for quantifying IoT cyber risk posture. The IoT is considered a complex system with too many uncontrollable risk states for quantitative risk assessment. To enable quantitative risk assessment of uncontrollable risk states in complex and coupled IoT systems, a new epistemological equation is designed and tested through comparative and empirical analysis. The comparative analysis is conducted on national digital strategies, followed by an empirical analysis of cyber risk assessment approaches. The results of the analysis present the current state and a target state for IoT systems, followed by a transformation roadmap describing how IoT systems can achieve the target state with a new epistemological analysis model. The new epistemological analysis approach enables the assessment of uncontrollable risk states in complex IoT systems, which begin to resemble artificial intelligence, and can be used for a quantitative self-assessment of IoT cyber risk posture.


2014 ◽  
Vol 989-994 ◽  
pp. 5294-5299
Author(s):  
Wei Ma

A technical risk assessment model for large-scale construction projects is established using the triangular whitening weight function of grey theory, addressing the problems of technical risk assessment in large-scale construction projects. Finally, verification on an example shows the model to be feasible and to have reference and practical value for similar problems.


2021 ◽  
Vol 20 (10) ◽  
pp. 1933-1950
Author(s):  
Nikolai V. FIROV ◽  
Sergei A. SOROKIN

Subject. The article addresses the scientific and technical risk and the financial losses of the customer in the process of research and development work on the creation of complex technical systems. Objectives. The study aims at constructing and analyzing the dependence of scientific and technical risk and the customer's financial losses on the planned volume of development work and the financial resources invested in it. Methods. We apply methods of probability theory and mathematical statistics, system and regression analysis, and risk assessment and management. The paper rests on data from completed development projects for the creation of complex technical systems. Results. We formulated methodological provisions for assessing the scientific and technical risk arising in the process of development work on complex technical systems. The paper presents an algorithm for calculating the expected financial losses from the implementation of the work. The problem of minimizing the financial losses associated with scientific and technical risk is formulated and formalized. The feasibility of the proposed provisions and recommendations is confirmed by a practical example. Conclusions. To assess risks, it is important to consider the impact of the degree of difference between the main characteristics of the developed product and its prototype on the required amount of work at the development stage. This makes it possible to build regression dependencies of the volume of work at the development stage on the specified factor, which are later used to assess the scientific and technical risk and the associated financial losses.
