Integrating Shared Cyber Security Information into Information Security Risk Management
Author
Abstract
In the last couple of years, the complexity and interconnectedness of Information Systems (IS) and the number of security-related incidents have increased significantly. To guarantee the confidentiality, integrity, and availability of these IS, appropriate information security risk management (ISRM) must be in place. Reliable ISRM is a challenge for organizations, since they take security-related decisions based on outdated data and overlook vulnerabilities, threats, or common incidents. To overcome these issues, acquiring shared cyber security information at the right time supports ISRM in reducing risks, identifying attacks, and enhancing the resilience of an IS. However, the exchange and acquisition of shared cyber security information represents a major challenge in ISRM. In the proposed PhD thesis we focus on this challenge by developing a framework that automatically combines and integrates shared cyber security information into ISRM processes. In doing so, we develop quality criteria, measures, and metrics to evaluate and filter shared cyber security information.
Similar resources
Critical Success Factors in implementing information security governance (Case study: Iranian Central Oil Fields Company)
The oil industry, as one of the main industries of the country, has always faced cyber attacks and security threats. Therefore, the integration of information security in corporate governance is essential and a governance challenge. The integration of information security and corporate governance is called information security governance. In this research, we identified "critical success factor...
Harmonizing and Uniting the Key Technical Disciplines for Risk Management of Cyber Security
This paper addresses the need to bridge the cultural, educational, and technical divides that are impeding professionals and organizations engaged in system and software development and associated security problems. In particular, harmonizing and uniting several key technical disciplines (software engineering, computer science, systems engineering) are critical for a sustainable risk management...
Identifying Information Security Risk Components in Military Hospitals in Iran
Background and Aim: Information systems are always at risk of information theft, information change, and interruptions in service delivery. Therefore, the present study was conducted to develop a model for identifying information security risk in military hospitals in Iran. Methods: This study was a qualitative content analysis conducted in military hospitals in Iran in 2019. The sample consist...
Using Financial Instruments to Transfer the Information Security Risks
For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments c...
Adoption of ISMS for Protecting SCADA Systems against Cyber Terrorism Threats
The potential for catastrophic cyber attacks that can cripple the operations of critical infrastructures of nations is worrying. The consequences of cyber attack to the Supervisory Control and Data Acquisition (SCADA) systems are wide, resulting in potentially catastrophic damages and disruption. This paper proposes for the Critical National Information Infrastructure (CNII) organizations to co...