PDF(4056 KB)
Towards an integrated risk analysis security framework according to a systematic analysis of existing proposals
Antonio SANTOS-OLMO, Luis Enrique SÁNCHEZ, David G. ROSADO, Manuel A. SERRANO, Carlos BLANCO, Haralambos MOURATIDIS, Eduardo FERNÁNDEZ-MEDINA
PDF(4056 KB)
PDF(4056 KB)
Towards an integrated risk analysis security framework according to a systematic analysis of existing proposals
The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets. The availability of these systems is now vital for the protection and evolution of companies. However, several factors have led to an increasing need for more accurate risk analysis approaches. These are: the speed at which technologies evolve, their global impact and the growing requirement for companies to collaborate. Risk analysis processes must consequently adapt to these new circumstances and new technological paradigms. The objective of this paper is, therefore, to present the results of an exhaustive analysis of the techniques and methods offered by the scientific community with the aim of identifying their main weaknesses and providing a new risk assessment and management process. This analysis was carried out using the systematic review protocol and found that these proposals do not fully meet these new needs. The paper also presents a summary of MARISMA, the risk analysis and management framework designed by our research group. The basis of our framework is the main existing risk standards and proposals, and it seeks to address the weaknesses found in these proposals. MARISMA is in a process of continuous improvement, as is being applied by customers in several European and American countries. It consists of a risk data management module, a methodology for its systematic application and a tool that automates the process.
information security management / security system / security risk assessment and management
Antonio Santos-Olmo holds a PhD in Computer Science from the University of Castilla-La Mancha, Spain and an MSc in Information Systems Audit from the Polytechnic University of Madrid, Spain. He is also an ISACA Certified Information System Auditor. He is an Assistant Professor at the Escuela Superior de Informática of the University of Castilla-La Mancha in Ciudad Real, Spain. His research activities are management security system, security metrics, data mining, data cleaning, and business intelligence. He is a member of the GSyA research group at the University of Castilla-La Mancha
Luis Enrique Sánchez holds a PhD in Computer Science from the University of Castilla-La Mancha, Spain, and an MSc in Computer Information Systems Audit from the Polytechnic University of Madrid, Spain. He is an Associate Professor at the Escuela Superior de Informática of the University of Castilla-La Mancha in Ciudad Real, Spain. His research lines are focused on cybersecurity and risk assessment and management. He is a member of the GSyA research group at the University of Castilla-La Mancha
David G. Rosado has an MSc and a PhD in Computer Science from the University of Málaga, Spain and from the University of Castilla-La Mancha, Spain, respectively. He is an Associate Professor at the Escuela Superior de Informática of Castilla-La Mancha University in Ciudad Real, Spain. His research activities are focused on security for Information Systems and Cloud Computing. He is a member of the GSyA research group at the University of Castilla-La Mancha
Manuel A. Serrano holds an MSc and a PhD in Computer Science from the University of Castilla-La Mancha, Spain. He is an Associate Professor at the Escuela Superior de Informática of Castilla-La Mancha University in Ciudad Real, Spain. His research interests are cybersecurity (especially in Big Data and IoT), data quality, software quality and measurement and business intelligence. He is member of the Alarcos Research Group at the University of Castilla-La Mancha. His e-mail address is manuel.serrano@uclm.es
Carlos Blanco holds a PhD in Computer Science from the University of Castilla-La Mancha, Spain. He is an Associate Professor at the University of Cantabria, Spain and is a member of several research groups: GSyA (University of Castilla-La Mancha) and ISTR (University of Cantabria), Spain. His research lines are Security for Information Systems but focused on Big Data, Data Warehouses and OLAP systems by using MDE approaches
Haralambos Mouratidis is Director of the Institute for Analytics and Data Science (IADS) and a Professor at the School of Computer Science and Electronic Engineering, University of Essex, UK. He holds a BEng (Hons) from the University of Wales, Swansea, UK, and an MSc and a PhD from the University of Sheffield, UK. He is also a Fellow of the Higher Education Academy (HEA) and a Professional Member of the British Computer Society (BCS). His research interests lie in the area of secure software systems engineering, requirements engineering, and information systems development
Eduardo Fernández-Medina holds a PhD in Computer Science from the University of Castilla-La Mancha, Spain. He is a Full Professor at the Escuela Superior de Informática of the University of Castilla-La Mancha in Ciudad Real, Spain. His research activity deals with security in information systems, and particularly in security in big data, Cloud Computing and CPS. He leads the GSyA research group at the University of Castilla-La Mancha
| [1] |
Hussain A, Mohamed A, Razali S. A review on cybersecurity: challenges & emerging threats. In: Proceedings of the 3rd International Conference on Networking, Information Systems & Security, 2020, 28
|
| [2] |
Hölbl M, Welzer T. Experience with teaching cybersecurity. In: Proceedings of the 27th EAEEIE Annual Conference (EAEEIE). 2017, 1−4
|
| [3] |
Toapanta S M T, Gurumendi A J, Gallegos L E M. An approach of national and international cybersecurity laws and standards to mitigate information risks in public organizations of Ecuador. In: Proceedings of the 2nd International Conference on Education Technology Management. 2019, 61−66
|
| [4] |
Shamala P, Ahmad R, Zolait A, Sedek M . Integrating information quality dimensions into information security risk management (ISRM). Journal of Information Security and Applications, 2017, 36: 1–10
|
| [5] |
Mirtsch M, Blind K, Koch C, Dudek G . Information security management in ICT and non-ICT sector companies: a preventive innovation perspective. Computers & Security, 2021, 109: 102383
|
| [6] |
Hentea M. Security management. In: Hentea M, ed. Building an Effective Security Program for Distributed Energy Resources and Systems: Understanding Security for Smart Grid and Distributed Energy Resources and Systems, Volume 1. Wiley, 2021, 405–436
|
| [7] |
Kumah P. The role of human resource management in enhancing organizational information systems security. In: Misra S, Adewumi A, eds. Handbook of Research on the Role of Human Factors in IT Project Management. Hershey, PA, USA: IGI Global, 2019, 278–303
|
| [8] |
Lee H, Han C, Yoo T. The application of mistake-proofing to organisational security management. Total Quality Management & Business Excellence, 2019, 30(9–10): 1151–1166
|
| [9] |
Li F, Chen T, Wang B, Zhang J, Qing S. Research on information security technology of mobile application in electric power industry. In: Proceedings of 2020 Asia-Pacific Conference on Image Processing, Electronics and Computers (IPEC). 2020, 51−54
|
| [10] |
Nasir A, Arshah R A, Hamid M R A, Fahmy S. An analysis on the dimensions of information security culture concept: a review. Journal of Information Security and Applications, 2019, 44: 12–22
|
| [11] |
Khando K, Gao S, Islam S M, Salman A . Enhancing employees information security awareness in private and public organisations: a systematic literature review. Computers & Security, 2021, 106: 102267
|
| [12] |
Ganin A A, Quach P, Panwar M, Collier Z A, Keisler J M, Marchese D, Linkov I . Multicriteria decision framework for cybersecurity risk assessment and management. Risk Analysis, 2020, 40( 1): 183–199
|
| [13] |
van der Schyff K, Flowerday S . Mediating effects of information security awareness. Computers & Security, 2021, 106: 102313
|
| [14] |
Prajanti A D, Ramli K. A proposed framework for ranking critical information assets in information security risk assessment using the OCTAVE allegro method with decision support system methods. In: Proceedings of the 34th International Technical Conference on Circuits/Systems, Computers and Communications (ITC-CSCC). 2019, 1−4
|
| [15] |
Chopra A, Chaudhary M. The need for information security. In: Chopra A, Chaudhary M, eds. Implementing an Information Security Management System: Security Management Based on ISO 27001 Guidelines. Berkeley, CA: Apress, 2020, 1−20
|
| [16] |
Grishaeva S A, Borzov V I. Information security risk management. In: Proceedings of 2020 International Conference Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS). 2020, 96−98
|
| [17] |
Zaini M K, Masrek M N, Abdullah Sani M K J . The impact of information security management practices on organisational agility. Information and Computer Security, 2020, 28( 5): 681–700
|
| [18] |
Kiedrowicz M, Stanik J . Method for assessing efficiency of the information security management system. MATEC Web of Conferences, 2018, 210: 04011
|
| [19] |
Sánchez L E, Santos-Olmo A, Fernandez-Medina E, Piattini M. ISMS building for SMEs through the reuse of knowledge. In: Management Association I R, ed. Small and Medium Enterprises: Concepts, Methodologies, Tools, and Applications. Hershey, PA, USA: IGI Global, 2013, 394−419
|
| [20] |
Santos-Olmo A, Sánchez L E, Caballero I, Camacho S, Fernandez-Medina E . The importance of the security culture in SMEs as regards the correct management of the security of their assets. Future Internet, 2016, 8( 3): 30
|
| [21] |
Wangen G, Hallstensen C, Snekkenes E . A framework for estimating information security risk assessment method completeness. International Journal of Information Security, 2018, 17( 6): 681–699
|
| [22] |
Achmadi D, Suryanto Y, Ramli K. On developing information security management system (ISMS) framework for ISO 27001-based data center. In: Proceedings of 2018 International Workshop on Big Data and Information Security (IWBIS). 2018, 149−157
|
| [23] |
Jeong C Y, Lee S Y T, Lim J H . Information security breaches and IT security investments: impacts on competitors. Information & Management, 2019, 56( 5): 681–695
|
| [24] |
Uchendu B, Nurse J R C, Bada M, Furnell S . Developing a Cyber Security culture: current practices and future needs. Computers & Security, 2021, 109: 102387
|
| [25] |
Casola V, Catelli R, De Benedictis A. A first step towards an ISO-based information security domain ontology. In: Proceedings of the 28th IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE). 2019, 334−339
|
| [26] |
Shameli-Sendi A . An efficient security data-driven approach for implementing risk assessment. Journal of Information Security and Applications, 2020, 54: 102593
|
| [27] |
Putra I M M, Mutijarsa K. Designing information security risk management on Bali regional police command center based on ISO 27005. In: Proceedings of the 3rd East Indonesia Conference on Computer and Information Technology (EIConCIT). 2021, 14−19
|
| [28] |
Hariyanti E, Djunaidy A, Siahaan D O. A conceptual model for information security risk considering business process perspective. In: Proceedings of the 4th International Conference on Science and Technology (ICST). 2018, 1−6
|
| [29] |
Szwaczyk S, Wrona K, Amanowicz M. Applicability of risk analysis methods to risk-aware routing in software-defined networks. In: Proceedings of 2018 International Conference on Military Communications and Information Systems (ICMCIS). 2018, 1−7
|
| [30] |
Ruan K . Introducing cybernomics: a unifying economic framework for measuring cyber risk. Computers & Security, 2017, 65: 77–89
|
| [31] |
Dobaj J, Schmittner C, Krisper M, Macher G. Towards integrated quantitative security and safety risk assessment. In: Proceedings of 2019 International Conference on Computer Safety, Reliability, and Security. 2019, 102−116
|
| [32] |
Sönmez F Ö, Kılıç B G . A decision support system for optimal selection of enterprise information security preventative actions. IEEE Transactions on Network and Service Management, 2021, 18( 3): 3260–3279
|
| [33] |
Tiganoaia B, Niculescu A, Negoita O, Popescu M . A new sustainable model for risk management—RiMM. Sustainability, 2019, 11( 4): 1178
|
| [34] |
Amutio M A, Candau J, Manas J A. MAGERIT-version 3.0 Methodology for information systems risk analysis and management. Ministry of Finance and Public Administration, 2014
|
| [35] |
Ali M L, Thakur K, Atobatele B. Challenges of cyber security and the emerging trends. In: Proceedings of 2019 ACM International Symposium on Blockchain and Secure Critical Infrastructure. 2019, 107−112
|
| [36] |
Khambhammettu H, Boulares S, Adi K, Logrippo L . A framework for risk assessment in access control systems. Computers & Security, 2013, 39: 86–103
|
| [37] |
Jouini M, Rabai L B A. A security risk management model for cloud computing systems: infrastructure as a service. In: Proceedings of the10th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage. 2017, 594−608
|
| [38] |
Weil T. Risk assessment methods for cloud computing platforms. In: Proceedings of the 43rd IEEE Annual Computer Software and Applications Conference (COMPSAC). 2019, 545−547
|
| [39] |
Brunner M, Sauerwein C, Felderer M, Breu R . Risk management practices in information security: exploring the status quo in the DACH region. Computers & Security, 2020, 92: 101776
|
| [40] |
Zakaria H, Abu Bakar N A, Hassan N H, Yaacob S . IoT security risk management model for secured practice in healthcare environment. Procedia Computer Science, 2019, 161: 1241–1248
|
| [41] |
Zhang Z. A new method for information security risk management in big data environment. In: Proceedings of the 2nd International Conference on Information Technology and Computer Application (ITCA). 2020, 1−4
|
| [42] |
Fu Y, Zhu J, Gao S. CPS information security risk evaluation system based on petri net. In: Proceedings of the 2nd IEEE International Conference on Data Science in Cyberspace (DSC). 2017, 541−548
|
| [43] |
Mokalled H, Pragliola C, Debertol D, Meda E, Zunino R. A comprehensive framework for the security risk management of cyber-physical systems. In: Flammini F, ed. Resilience of Cyber-Physical Systems: From Risk Modelling to Threat Counteraction. Cham: Springer International Publishing, 2019, 49−68
|
| [44] |
Chen J, Zhu Q . Interdependent strategic security risk management with bounded rationality in the internet of things. IEEE Transactions on Information Forensics and Security, 2019, 14( 11): 2958–2971
|
| [45] |
Capodieci A, Mainetti L, Dipietrangelo F. Model-driven approach to cyber risk analysis in industry 4.0. In: Proceedings of the 10th International Conference on Information Systems and Technologies. 2020, 33
|
| [46] |
Malik V, Singh S . Security risk management in IoT environment. Journal of Discrete Mathematical Sciences and Cryptography, 2019, 22( 4): 697–709
|
| [47] |
Govender S G, Kritzinger E, Loock M . A framework and tool for the assessment of information security risk, the reduction of information security cost and the sustainability of information security culture. Personal and Ubiquitous Computing, 2021, 25( 5): 927–940
|
| [48] |
Javaid M I, Iqbal M M W. A comprehensive people, process and technology (PPT) application model for Information Systems (IS) risk management in small/medium enterprises (SME). In: Proceedings of 2017 International Conference on Communication Technologies (ComTech). 2017, 78−90
|
| [49] |
Paltrinieri N, Reniers G . Dynamic risk analysis for Seveso sites. Journal of Loss Prevention in the Process Industries, 2017, 49: 111–119
|
| [50] |
Affia A A O, Matulevičius R, Nolte A. Security risk management in cooperative intelligent transportation systems: a systematic literature review. In: Proceedings of 2019 OTM Confederated International Conferences “On the Move to Meaningful Internet Systems”. 2019, 282−300
|
| [51] |
Genchev P G. Analysis of changes in the probability of an incident with information security. In: Proceedings of the 56th International Scientific Conference on Information, Communication and Energy Systems and Technologies (ICEST). 2021, 119−122
|
| [52] |
Kitchenham B, Charters S. Guidelines for performing systematic literature reviews in software engineering. 2007
|
| [53] |
Kitchenham B, Brereton P . A systematic review of systematic review process research in software engineering. Information and Software Technology, 2013, 55( 12): 2049–2075
|
| [54] |
Barat S, Clark T, Barn B, Kulkarni V. A model-based approach to systematic review of research literature. In: Proceedings of the 10th Innovations in Software Engineering Conference. 2017, 15−25
|
| [55] |
Barn B, Barat S, Clark T. Conducting systematic literature reviews and systematic mapping studies. In: Proceedings of the 10th Innovations in Software Engineering Conference. 2017, 212−213
|
| [56] |
Lo C C, Chen W J . A hybrid information security risk assessment procedure considering interdependences between controls. Expert Systems with Applications, 2012, 39( 1): 247–257
|
| [57] |
Wulan M, Petrovic D . A fuzzy logic based system for risk analysis and evaluation within enterprise collaborations. Computers in Industry, 2012, 63( 8): 739–748
|
| [58] |
Deb R, Roy S . A Software Defined Network information security risk assessment based on Pythagorean fuzzy sets. Expert Systems with Applications, 2021, 183: 115383
|
| [59] |
Zhang H, Sun Q . An integrated approach to risk assessment for special line shunting via fuzzy theory. Symmetry, 2018, 10( 11): 599
|
| [60] |
Saleh M S, Alfantookh A . A new comprehensive framework for enterprise information security risk management. Applied Computing and Informatics, 2011, 9( 2): 107–118
|
| [61] |
Alhawari S, Karadsheh L, Nehari Talet A, Mansour E . Knowledge-based risk management framework for information technology project. International Journal of Information Management, 2012, 32( 1): 50–65
|
| [62] |
Shamala P, Ahmad R, Yusoff M . A conceptual framework of info structure for information security risk assessment (ISRA). Journal of Information Security and Applications, 2013, 18( 1): 45–52
|
| [63] |
Khan F, Hashemi S J, Paltrinieri N, Amyotte P, Cozzani V, Reniers G . Dynamic risk management: a contemporary approach to process safety management. Current Opinion in Chemical Engineering, 2016, 14: 9–17
|
| [64] |
Sangaiah A K, Samuel O W, Li X, Abdel-Basset M, Wang H . Towards an efficient risk assessment in software projects−Fuzzy reinforcement paradigm. Computers & Electrical Engineering, 2018, 71: 833–846
|
| [65] |
Panchal D, Singh A K, Chatterjee P, Zavadskas E K, Keshavarz-Ghorabaee M . A new fuzzy methodology-based structured framework for RAM and risk analysis. Applied Soft Computing, 2019, 74: 242–254
|
| [66] |
Schmitz C, Pape S . LiSRA: Lightweight Security Risk Assessment for decision support in information security. Computers & Security, 2020, 90: 101656
|
| [67] |
Lamine E, Thabet R, Sienou A, Bork D, Fontanili F, Pingaud H . BPRIM: an integrated framework for business process management and risk management. Computers in Industry, 2020, 117: 103199
|
| [68] |
Feng N, Li M . An information systems security risk assessment model under uncertain environment. Applied Soft Computing, 2011, 11( 7): 4332–4340
|
| [69] |
Ou Yang Y P, Shieh H M, Tzeng G H . A VIKOR technique based on DEMATEL and ANP for information security risk control assessment. Information Sciences, 2013, 232: 482–500
|
| [70] |
Feng N, Wang H J, Li M . A security risk analysis model for information systems: causal relationships of risk factors and vulnerability propagation analysis. Information Sciences, 2014, 256: 57–73
|
| [71] |
Wang L, Wang B, Peng Y. Research the information security risk assessment technique based on Bayesian network. In: Proceedings of the 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE). 2010
|
| [72] |
Webb J, Ahmad A, Maynard S B, Shanks G . A situation awareness model for information security risk management. Computers & Security, 2014, 44: 1–15
|
| [73] |
Tubío Figueira P, López Bravo C, Rivas López J L . Improving information security risk analysis by including threat-occurrence predictive models. Computers & Security, 2020, 88: 101609
|
| [74] |
Khan F, Kim J H, Mathiassen L, Moore R . Data breach management: an integrated risk model. Information & Management, 2021, 58( 1): 103392
|
| [75] |
Schmidt A, Albert L A, Zheng K . Risk management for cyber-infrastructure protection: a bi-objective integer programming approach. Reliability Engineering & System Safety, 2021, 205: 107093
|
| [76] |
Cherdantseva Y, Burnap P, Nadjm-Tehrani S, Jones K . A configurable dependency model of a SCADA system for goal-oriented risk assessment. Applied Sciences, 2022, 12( 10): 4880
|
| [77] |
Vicente E, Mateos A, Jiménez-Martín A. Risk analysis in information systems: a fuzzification of the MAGERIT methodology. Knowledge-Based Systems, 2014, 66: 1–12
|
| [78] |
Mandal S, Maiti J . Risk analysis using FMEA: fuzzy similarity value and possibility theory based approach. Expert Systems with Applications, 2014, 41( 7): 3527–3537
|
| [79] |
van Staalduinen M A, Khan F, Gadag V, Reniers G . Functional quantitative security risk analysis (QSRA) to assist in protecting critical process infrastructure. Reliability Engineering & System Safety, 2017, 157: 23–34
|
| [80] |
Abdo H, Kaouk M, Flaus J M, Masse F . A safety/security risk analysis approach of Industrial Control Systems: a Cyber Bowtie − combining new version of attack tree with bowtie analysis. Computers & Security, 2018, 72: 175–195
|
| [81] |
Sicari S, Rizzardi A, Miorandi D, Coen-Porisini A . A risk assessment methodology for the Internet of Things. Computer Communications, 2018, 129: 67–79
|
| [82] |
Armenia S, Angelini M, Nonino F, Palombi G, Schlitzer M F . A dynamic simulation approach to support the evaluation of cyber risks and security investments in SMEs. Decision Support Systems, 2021, 147: 113580
|
| [83] |
Bozkuş E, Kaya İ, Yakut M. A fuzzy based model proposal on risk analysis for human-robot interactive systems. In: Proceedings of 2022 International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA). 2022, 1−6
|
| [84] |
Sato H. A new formula of security risk analysis that takes risk improvement factor into account. In: Proceedings of the IEEE Third International Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third International Conference on Social Computing. 2011, 1243−1248
|
| [85] |
Munodawafa F, Awad A I . Security risk assessment within hybrid data centers: a case study of delay sensitive applications. Journal of Information Security and Applications, 2018, 43: 61–72
|
| [86] |
Scala N M, Reilly A C, Goethals P L, Cukier M . Risk and the five hard problems of Cybersecurity. Risk Analysis, 2019, 39( 10): 2119–2126
|
| [87] |
Li Q, Lv P, Wang M, Zhang Z, Wang S, Fang P, Gao L. A risk assessment method of smart grid in cloud computing environment based on game theory. In: Proceedings of the 5th IEEE International Conference on Cloud Computing and Big Data Analytics (ICCCBDA). 2020, 67−72
|
| [88] |
Malik V, Singh S. Intelligent strategies for cloud computing risk management and testing. In: Proceedings of ICMDE 2020 Computational Methods and Data Engineering. 2020, 101−114
|
| [89] |
Volkov A I, Semin V G, Khakimullin E R. Modeling the structures of threats to information security risks based on a fuzzy approach. In: Proceedings of 2020 International Conference Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS). 2020, 132−135
|
| [90] |
Petrescu A G, Postole M A, Ciobanasu M. The international experience in security risk analysis methods. In: Oncioiu I, ed. Network Security and its Impact on Business Strategy. Hershey, PA, USA: IGI Global, 2019, 157–169
|
| [91] |
Khosravi-Farmad M, Ghaemi-Bafghi A . Bayesian decision network-based security risk management framework. Journal of Network and Systems Management, 2020, 28( 4): 1794–1819
|
| [92] |
Genchev P. An approach to support information security risk assessment. In: Proceedings of 2020 International Conference on Biomedical Innovations and Applications (BIA). 2020, 125−128
|
| [93] |
Burnap P, Cherdantseva Y, Blyth A, Eden P, Jones K, Soulsby H, Stoddart K . Determining and sharing risk data in distributed interdependent systems. Computer, 2017, 50( 4): 72–79
|
| [94] |
Tagarev T . Towards the design of a collaborative cybersecurity networked organisation: identification and prioritisation of governance needs and objectives. Future Internet, 2020, 12( 4): 62
|
| [95] |
Kuzminykh I, Ghita B, Sokolov V, Bakhshi T . Information security risk assessment. Encyclopedia, 2021, 1( 3): 602–617
|
| [96] |
Lee I . Cybersecurity: risk management framework and investment cost analysis. Business Horizons, 2021, 64( 5): 659–671
|
| [97] |
Arafah M, Bakry S H, Al-Dayel R, Faheem O. Exploring cybersecurity metrics for strategic units: a generic framework for future work. In: Proceedings of 2019 Future of Information and Communication Conference on Information and Communication. 2020, 881−891
|
| [98] |
Kotenko I, Doynikova E, Chechulin A, Fedorchenko A. AI- and metrics-based vulnerability-centric cyber security assessment and countermeasure selection. In: Parkinson S, Crampton A, Hill R, eds. Guide to Vulnerability Analysis for Computer Networks and Systems: An Artificial Intelligence Approach. Cham: Springer International Publishing, 2018, 101−130
|
| [99] |
Piromsopa K, Klima T, Pavlik L. Designing model for calculating the amount of cyber risk insurance. In: Proceedings of the 4th International Conference on Mathematics and Computers in Sciences and in Industry (MCSI). 2017, 196−200
|
| [100] |
Stergiopoulos G, Gritzalis D, Kouktzoglou V . Using formal distributions for threat likelihood estimation in cloud-enabled IT risk assessment. Computer Networks, 2018, 134: 23–45
|
| [101] |
Abbass W, Baina A, Bellafkih M. Using EBIOS for risk management in critical information infrastructure. In: Proceedings of the 5th World Congress on Information and Communication Technologies (WICT). 2015, 107−112
|
| [102] |
Oppliger R, Pernul G, Katsikas S . New frontiers: assessing and managing security risks. Computer, 2017, 50( 4): 48–51
|
| [103] |
García-Porras C, Huamani-Pastor S, Armas-Aguirre J. Information security risk management model for Peruvian SMEs. In: Proceedings of 2018 IEEE Sciences and Humanities International Research Conference (SHIRCON). 2018, 1−5
|
| [104] |
Wagner P, Hansch G, Konrad C, John K H, Bauer J, Franke J. Applicability of security standards for operational technology by SMEs and large enterprises. In: Proceedings of the 25th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA). 2020, 1544−1551
|
| [105] |
Skrodelis H K, Strebko J, Romanovs A. The information system security governance tasks in small and medium enterprises. In: Proceedings of the 61st International Scientific Conference on Information Technology and Management Science of Riga Technical University (ITMS). 2020, 1−4
|
| [106] |
Antunes M, Maximiano M, Gomes R, Pinto D . Information security and cybersecurity management: a case study with SMEs in Portugal. Journal of Cybersecurity and Privacy, 2021, 1( 2): 219–238
|
| [107] |
Gill A K, Zavarsky P, Swar B. Automation of security and privacy controls for efficient information security management. In: Proceedings of the 2nd International Conference on Secure Cyber Computing and Communications (ICSCCC). 2021, 371−375
|
/
| 〈 |
|
〉 |
AI Summary
