{"title":"基于风险的网络威胁定量评估方法","authors":"Artem Zhylin, Hanna Holych","doi":"10.60097/acig/190345","DOIUrl":null,"url":null,"abstract":"The methodology of a quantitative assessment of organ-\nisation’s network cyber threats was developed in order to quanti-\ntatively assess and compare the cybersecurity threat landscape in\nconditions of limited data while applying the risk-oriented approach.\nIt can be used either for assessing the level of network cyber threats\nof a particular organisation (as a quantitative measure of the criti-\ncality of cyber threats that are detected within the organisation’s\nnetwork) or for comparing the level of network cyber threats of\nseveral organisations during the same or different time periods,\ngiving grounds for supporting the process of making manage-\nrial decisions regarding the organisation’s cybersecurity strategy.\nThe proposed scheme of the algorithm can be used to automate\nthe calculation process. The assessment of network cyber threats\nthat are considered in the article is not a full-fledged measure of\nthe cyber risk because the methodology was developed consider-\ning the common circumstances of the deficiency of the risk context\ndata. Nevertheless, the results of the methodology implementation\npartially reflect the overall level of the organisation’s cyber risk and\nare expected to be used in the case when the full-featured proper\ncyber threats assessment can’t be organised for some reason.","PeriodicalId":123092,"journal":{"name":"Applied Cybersecurity & Internet Governance","volume":"23 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-07-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Methodology of Quantitative Assessment of Network Cyber Threats Using a Risk-Based Approach\",\"authors\":\"Artem Zhylin, Hanna Holych\",\"doi\":\"10.60097/acig/190345\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The methodology of a quantitative assessment of organ-\\nisation’s network cyber threats was developed in order to quanti-\\ntatively assess and compare the cybersecurity threat landscape in\\nconditions of limited data while applying the risk-oriented approach.\\nIt can be used either for assessing the level of network cyber threats\\nof a particular organisation (as a quantitative measure of the criti-\\ncality of cyber threats that are detected within the organisation’s\\nnetwork) or for comparing the level of network cyber threats of\\nseveral organisations during the same or different time periods,\\ngiving grounds for supporting the process of making manage-\\nrial decisions regarding the organisation’s cybersecurity strategy.\\nThe proposed scheme of the algorithm can be used to automate\\nthe calculation process. The assessment of network cyber threats\\nthat are considered in the article is not a full-fledged measure of\\nthe cyber risk because the methodology was developed consider-\\ning the common circumstances of the deficiency of the risk context\\ndata. Nevertheless, the results of the methodology implementation\\npartially reflect the overall level of the organisation’s cyber risk and\\nare expected to be used in the case when the full-featured proper\\ncyber threats assessment can’t be organised for some reason.\",\"PeriodicalId\":123092,\"journal\":{\"name\":\"Applied Cybersecurity & Internet Governance\",\"volume\":\"23 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-07-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Applied Cybersecurity & Internet Governance\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.60097/acig/190345\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Applied Cybersecurity & Internet Governance","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.60097/acig/190345","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Methodology of Quantitative Assessment of Network Cyber Threats Using a Risk-Based Approach
The methodology of a quantitative assessment of organ-
isation’s network cyber threats was developed in order to quanti-
tatively assess and compare the cybersecurity threat landscape in
conditions of limited data while applying the risk-oriented approach.
It can be used either for assessing the level of network cyber threats
of a particular organisation (as a quantitative measure of the criti-
cality of cyber threats that are detected within the organisation’s
network) or for comparing the level of network cyber threats of
several organisations during the same or different time periods,
giving grounds for supporting the process of making manage-
rial decisions regarding the organisation’s cybersecurity strategy.
The proposed scheme of the algorithm can be used to automate
the calculation process. The assessment of network cyber threats
that are considered in the article is not a full-fledged measure of
the cyber risk because the methodology was developed consider-
ing the common circumstances of the deficiency of the risk context
data. Nevertheless, the results of the methodology implementation
partially reflect the overall level of the organisation’s cyber risk and
are expected to be used in the case when the full-featured proper
cyber threats assessment can’t be organised for some reason.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
