TY - GEN
T1 - Dynamic framework for assessing cyber security risks in a changing environment
AU - Naumov, Sergey
AU - Kabanov, Ilya
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/12/7
Y1 - 2016/12/7
N2 - Cyber risk assessment frameworks aim at addressing a challenging problem that public and commercial organizations and nations embrace today - a proper estimation of likelihood of cyber-related risks and assessment of their potential impact on an enterprise. However, current frameworks fail at adapting to changes which happen in dynamically shifting environments and keep organizations blind to new possible threats. These threats may occur because of different changes happening internally or externally of the organization. For example, the global presence or digital footprint of the organization can significantly increase the exposure of an organization to cyber threats. Therefore, practitioners need new instruments which can be used to advise enterprises when and how their risk assessment methods and processes should be adjusted in order to stay relevant in a rapidly changing environment. In this work, the authors propose and validate a new method of applying a system dynamics approach for designing a dynamic risk assessment framework and introduce areas of future work.
AB - Cyber risk assessment frameworks aim at addressing a challenging problem that public and commercial organizations and nations embrace today - a proper estimation of likelihood of cyber-related risks and assessment of their potential impact on an enterprise. However, current frameworks fail at adapting to changes which happen in dynamically shifting environments and keep organizations blind to new possible threats. These threats may occur because of different changes happening internally or externally of the organization. For example, the global presence or digital footprint of the organization can significantly increase the exposure of an organization to cyber threats. Therefore, practitioners need new instruments which can be used to advise enterprises when and how their risk assessment methods and processes should be adjusted in order to stay relevant in a rapidly changing environment. In this work, the authors propose and validate a new method of applying a system dynamics approach for designing a dynamic risk assessment framework and introduce areas of future work.
UR - http://www.scopus.com/inward/record.url?scp=85010629606&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85010629606&partnerID=8YFLogxK
U2 - 10.1109/ICISCT.2016.7777406
DO - 10.1109/ICISCT.2016.7777406
M3 - Conference contribution
AN - SCOPUS:85010629606
T3 - 2016 International Conference on Information Science and Communications Technologies, ICISCT 2016
BT - 2016 International Conference on Information Science and Communications Technologies, ICISCT 2016
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2016 International Conference on Information Science and Communications Technologies, ICISCT 2016
Y2 - 2 November 2016 through 4 November 2016
ER -