Charting new waters with CRAMMTS: A survey-driven cybersecurity risk analysis method for maritime stakeholders

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2024-07-22 DOI:10.1016/j.cose.2024.104015

{"title":"Charting new waters with CRAMMTS: A survey-driven cybersecurity risk analysis method for maritime stakeholders","authors":"","doi":"10.1016/j.cose.2024.104015","DOIUrl":null,"url":null,"abstract":"<div><p>This article presents a novel survey-based cybersecurity risk assessment model, CRAMMTS (Cyber Risk Analysis Method for Maritime Transportation Systems), specifically designed for the maritime sector, addressing a critical gap in the literature. Our study contributes significantly in three ways: firstly, through a comprehensive critical literature review of 31 maritime guidelines and 95 scholarly articles, identifying the need for a new cybersecurity risk assessment method; secondly, by developing CRAMMTS, an adaptation of the ISRAM risk analysis method, incorporating the International Maritime Organization's criteria and enabling participation from maritime professionals, especially policymakers and leaders. The third contribution is a case study, the practical application of CRAMMTS in surveying 80 maritime professionals, assessing their perception of cybersecurity risks, and identifying varying risk levels, with the highest associated with cyber threat actors. This approach proved effective in assessing risks at both tactical and strategic levels and providing a clear, quantitative risk metric for decision-making. Our research underscores the maritime sector's need for a holistic, easily implementable cybersecurity risk analysis method that engages leaders and adapts to various Maritime Transportation System scopes, thereby enhancing cybersecurity risk assessment in this crucial domain.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8000,"publicationDate":"2024-07-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824003201","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

This article presents a novel survey-based cybersecurity risk assessment model, CRAMMTS (Cyber Risk Analysis Method for Maritime Transportation Systems), specifically designed for the maritime sector, addressing a critical gap in the literature. Our study contributes significantly in three ways: firstly, through a comprehensive critical literature review of 31 maritime guidelines and 95 scholarly articles, identifying the need for a new cybersecurity risk assessment method; secondly, by developing CRAMMTS, an adaptation of the ISRAM risk analysis method, incorporating the International Maritime Organization's criteria and enabling participation from maritime professionals, especially policymakers and leaders. The third contribution is a case study, the practical application of CRAMMTS in surveying 80 maritime professionals, assessing their perception of cybersecurity risks, and identifying varying risk levels, with the highest associated with cyber threat actors. This approach proved effective in assessing risks at both tactical and strategic levels and providing a clear, quantitative risk metric for decision-making. Our research underscores the maritime sector's need for a holistic, easily implementable cybersecurity risk analysis method that engages leaders and adapts to various Maritime Transportation System scopes, thereby enhancing cybersecurity risk assessment in this crucial domain.

查看原文本刊更多论文

用 CRAMMTS 开辟新水域：面向海事利益相关者的调查驱动型网络安全风险分析方法

本文介绍了一种基于调查的新型网络安全风险评估模型 CRAMMTS（海上运输系统网络风险分析方法），该模型专为海事部门设计，填补了文献中的一个重要空白。我们的研究在三个方面做出了重大贡献：首先，通过对 31 项海事指南和 95 篇学术文章进行全面的批判性文献综述，确定了对新的网络安全风险评估方法的需求；其次，通过开发 CRAMMTS，对 ISRAM 风险分析方法进行改编，纳入国际海事组织的标准，并使海事专业人员，特别是政策制定者和领导者能够参与其中。第三个贡献是案例研究，即 CRAMMTS 在调查 80 名海事专业人员时的实际应用，评估他们对网络安全风险的看法，并确定不同的风险等级，其中与网络威胁行为者相关的风险等级最高。事实证明，这种方法能有效评估战术和战略层面的风险，并为决策提供明确的量化风险指标。我们的研究强调，海事部门需要一种全面、易于实施的网络安全风险分析方法，这种方法既能吸引领导者参与，又能适应各种海事运输系统范围，从而加强这一关键领域的网络安全风险评估。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.

文献相关原料

公司名称	产品信息	采购帮参考价格