Yet another cybersecurity risk assessment framework

Cited by: 3
Authors
Ekstedt, Mathias [1]
Afzal, Zeeshan [1]
Mukherjee, Preetam [1, 2]
Hacks, Simon [3]
Lagerstrom, Robert [1]
Affiliations
[1] KTH Royal Inst Technol, Stockholm, Sweden
[2] Digital Univ Kerala, Thiruvananthapuram, India
[3] Stockholm Univ, Stockholm, Sweden
Keywords
Threat modeling; Enterprise IT risk; Risk assessment; Attack tree; FOUNDATIONS; SECURITY;
DOI
10.1007/s10207-023-00713-y
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
IT systems pervade our society more and more, and we become heavily dependent on them. At the same time, these systems are increasingly targeted in cyberattacks, making us vulnerable. Those responsible for enterprise and cybersecurity face the problem of defining techniques that raise the level of security. They need to decide which mechanism provides the most efficient defense with limited resources. Basically, the risks need to be assessed to determine the best cost-to-benefit ratio. One way to achieve this is through threat modeling; however, threat modeling is not commonly used in the enterprise IT risk domain. Furthermore, the existing threat modeling methods have shortcomings. This paper introduces a metamodel-based approach named Yet Another Cybersecurity Risk Assessment Framework (Yacraf). Yacraf aims to enable comprehensive risk assessment for organizations with more decision support. The paper includes a risk calculation formalization and also an example showing how an organization can use and benefit from Yacraf.
Pages: 1713 - 1729
Page count: 17
Related papers
50 in total
  • [1] Yet another cybersecurity risk assessment framework
    Mathias Ekstedt
    Zeeshan Afzal
    Preetam Mukherjee
    Simon Hacks
    Robert Lagerström
    International Journal of Information Security, 2023, 22 : 1713 - 1729
  • [2] Yet Another Cybersecurity Roadmapping Methodology
    Ariu, Davide
    Didaci, Luca
    Fumera, Giorgio
    Giacinto, Giorgio
    Roli, Fabio
    Frumento, Enrico
    Freschi, Federica
    PROCEEDINGS 10TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY ARES 2015, 2015, : 719 - 726
  • [3] A Systematic Risk Assessment Framework of Automotive Cybersecurity
    Wang, Yunpeng
    Wang, Yinghui
    Qin, Hongmao
    Ji, Haojie
    Zhang, Yanan
    Wang, Jian
    AUTOMOTIVE INNOVATION, 2021, 4 (03) : 253 - 261
  • [4] A simulation framework for automotive cybersecurity risk assessment
    Jayaratne, Don Nalin Dharshana
    Kamtam, Suraj Harsha
    Shaikh, Siraj Ahmed
    Ramli, Muhamad Azfar
    Lu, Qian
    Mepparambath, Rakhi Manohar
    Nguyen, Hoang Nga
    Rakib, Abdur
    SIMULATION MODELLING PRACTICE AND THEORY, 2024, 136
  • [5] A Systematic Risk Assessment Framework of Automotive Cybersecurity
    Yunpeng Wang
    Yinghui Wang
    Hongmao Qin
    Haojie Ji
    Yanan Zhang
    Jian Wang
    Automotive Innovation, 2021, 4 : 253 - 261
  • [6] PRISM: a strategic decision framework for cybersecurity risk assessment
    Goel, Rajni
    Kumar, Anupam
    Haddow, James
    INFORMATION AND COMPUTER SECURITY, 2020, 28 (04) : 591 - 625
  • [7] Multicriteria Decision Framework for Cybersecurity Risk Assessment and Management
    Ganin, Alexander A.
    Quach, Phuoc
    Panwar, Mahesh
    Collier, Zachary A.
    Keisler, Jeffrey M.
    Marchese, Dayton
    Linkov, Igor
    RISK ANALYSIS, 2020, 40 (01) : 183 - 199
  • [8] Yet another performance testing framework
    Chen, Shiping
    Moreland, David
    Nepal, Surya
    Zic, John
    ASWEC 2008: 19TH AUSTRALIAN SOFTWARE ENGINEERING CONFERENCE, PROCEEDINGS, 2008, : 170 - 179
  • [9] FRAPE: A Framework for Risk Assessment, Prioritization and Explainability of vulnerabilities in cybersecurity
    Parente, F. R.
    Rodrigues, Emanuel B.
    Mattos, Cesar L. C.
    JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, 2025, 89
  • [10] A Quantitative Risk Assessment Framework for the Cybersecurity of Networked Medical Devices
    Van Devender, Maureen S.
    McDonald, Jeffrey Todd
    PROCEEDINGS OF THE 18TH INTERNATIONAL CONFERENCE ON CYBER WARFARE AND SECURITY ICCWS, 2023, : 402 - 411