Predicting Cybersecurity Risk - A Methodology for Assessments

ARIS2 - Advanced Research on Information Systems Security Pub Date : 2022-12-30 DOI:10.56394/aris2.v2i2.23

Daniel Jorge Ferreira, Henrique São Mamede

{"title":"Predicting Cybersecurity Risk - A Methodology for Assessments","authors":"Daniel Jorge Ferreira, Henrique São Mamede","doi":"10.56394/aris2.v2i2.23","DOIUrl":null,"url":null,"abstract":"Defining an appropriate cybersecurity incident response model is a critical challenge that all companies face on a daily basis.However, there is not always an adequate answer. This is due to the lack of predictive models based on data (evidence). There is a significant investment in research to identify the main factors that can cause such incidents, always trying to have the most appropriate response and, consequently, enhancing response capacity and success. At the same time, several different methodologies assess the risk management and maturity level of organizations.There is, however, a gap in determining an organization's degree of proactive responsiveness to successfully adopt cybersecurity and an even more significant gap in assessing it from a risk management perspective. This paper proposes a model to evaluate this capacity, a model that intends to evaluate the methodological aspects of an organization and indicates the apparent gaps that can negatively impact the future of the organization in the management of cybersecurity incidents and presents a model that intends to be proactive.","PeriodicalId":438607,"journal":{"name":"ARIS2 - Advanced Research on Information Systems Security","volume":"14 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ARIS2 - Advanced Research on Information Systems Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.56394/aris2.v2i2.23","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Defining an appropriate cybersecurity incident response model is a critical challenge that all companies face on a daily basis.However, there is not always an adequate answer. This is due to the lack of predictive models based on data (evidence). There is a significant investment in research to identify the main factors that can cause such incidents, always trying to have the most appropriate response and, consequently, enhancing response capacity and success. At the same time, several different methodologies assess the risk management and maturity level of organizations.There is, however, a gap in determining an organization's degree of proactive responsiveness to successfully adopt cybersecurity and an even more significant gap in assessing it from a risk management perspective. This paper proposes a model to evaluate this capacity, a model that intends to evaluate the methodological aspects of an organization and indicates the apparent gaps that can negatively impact the future of the organization in the management of cybersecurity incidents and presents a model that intends to be proactive.

查看原文本刊更多论文

预测网络安全风险——一种评估方法

定义一个适当的网络安全事件响应模型是所有公司每天面临的一个关键挑战。然而，并不总是有一个恰当的答案。这是由于缺乏基于数据(证据)的预测模型。在研究方面投入了大量资金，以确定可能导致此类事件的主要因素，始终努力作出最适当的反应，从而提高反应能力和成功率。同时，几种不同的方法评估组织的风险管理和成熟度水平。然而，在确定组织成功采用网络安全的主动响应程度方面存在差距，从风险管理的角度评估网络安全方面存在更大的差距。本文提出了一个模型来评估这种能力，该模型旨在评估组织的方法方面，并指出可能对组织在网络安全事件管理方面的未来产生负面影响的明显差距，并提出了一个旨在积极主动的模型。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ARIS2 - Advanced Research on Information Systems Security

自引率

0.00%

发文量