Towards an integrated risk analysis security framework according to a systematic analysis of existing proposals

doi:10.1007/s11704-023-1582-6

Front. Comput. Sci.

2024, Vol. 18

Issue (3) : 183808 https://doi.org/10.1007/s11704-023-1582-6

REVIEW ARTICLE

Towards an integrated risk analysis security framework according to a systematic analysis of existing proposals

Antonio SANTOS-OLMO^1,²(

), Luis Enrique SÁNCHEZ^1,², David G. ROSADO¹, Manuel A. SERRANO³, Carlos BLANCO⁴, Haralambos MOURATIDIS², Eduardo FERNÁNDEZ-MEDINA¹

¹. GSyA Research Group, University of Castilla-La Mancha, Ciudad Real 13071, Spain
². Institute for Analytics and Data Science, University of Essex, Colchester CO4 3SQ, UK
³. Alarcos Research Group, University of Castilla-La Mancha, Ciudad Real 13071, Spain
⁴. ISTR Research group, Department of Computer Science and Electronics, University of Cantabria, Santander 39005, Spain

Download: PDF(4056 KB) HTML
Export: BibTeX | EndNote | Reference Manager | ProCite | RefWorks

Abstract

The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets. The availability of these systems is now vital for the protection and evolution of companies. However, several factors have led to an increasing need for more accurate risk analysis approaches. These are: the speed at which technologies evolve, their global impact and the growing requirement for companies to collaborate. Risk analysis processes must consequently adapt to these new circumstances and new technological paradigms. The objective of this paper is, therefore, to present the results of an exhaustive analysis of the techniques and methods offered by the scientific community with the aim of identifying their main weaknesses and providing a new risk assessment and management process. This analysis was carried out using the systematic review protocol and found that these proposals do not fully meet these new needs. The paper also presents a summary of MARISMA, the risk analysis and management framework designed by our research group. The basis of our framework is the main existing risk standards and proposals, and it seeks to address the weaknesses found in these proposals. MARISMA is in a process of continuous improvement, as is being applied by customers in several European and American countries. It consists of a risk data management module, a methodology for its systematic application and a tool that automates the process.

Keywords information security management security system security risk assessment and management

Corresponding Author(s): Antonio SANTOS-OLMO

Just Accepted Date: 10 February 2023 Issue Date: 12 May 2023

Cite this article:

Antonio SANTOS-OLMO,Luis Enrique SáNCHEZ,David G. ROSADO, et al. Towards an integrated risk analysis security framework according to a systematic analysis of existing proposals[J]. Front. Comput. Sci., 2024, 18(3): 183808.

URL:

https://academic.hep.com.cn/fcs/EN/10.1007/s11704-023-1582-6
https://academic.hep.com.cn/fcs/EN/Y2024/V18/I3/183808

Tab.1 Results by initiative

Type	Initiat.	Scope	Technique	Main contributions
Process	P1	Limited ISO27001	DEMATEL, ANP	? Interrelationships between risks according to control areas
	P2	Networks	Fuzzy techniques	? Risks associated with networked business collaborations
	P2	Networks	Fuzzy techniques	? Prototyping and application in real cases
	P3	Software defined networks (SDN)	Fuzzy techniques, DEMATEL	? Reduction of the degree of uncertainty
	P3	Software defined networks (SDN)	Fuzzy techniques, DEMATEL	? Associative risk management
	P4	Railways	Fuzzy techniques	? Reduction in the degree of uncertainty
	P4	Railways	Fuzzy techniques	?Hierarchical factors for risk probability and impact assessment
Framework	F1	Electronic transactions	STOPE, DMAIC	? Risks associated with networked business collaborations
	F2	IT projects	KM	? Application of knowledge management techniques to risk analysis
	F3	Global	?	? Structuring of information prior to risk analysis
	F3	Global	?	? Knowledge reuse
	F4	Global	?	? Dynamic risk assessment
	F5	Software development	Fuzzy techniques	? Reduction in the degree of uncertainty
	F6	Global	?	? Knowledge reuse
	F6	Global	?	?Importance of Dynamic Risk and Cloud Environments
	F7	Critical Infrastructure	FMEA	? Reduction inf the degree of uncertainty
	F8	Global	Logic trees	? Decision-making processes
				?Knowledge reuse
				?Targeting SMEs & Associative risk management
	F9	Business processes	?	? Integration of BPM with risk management
	F9	Business processes	?	?Risk metamodel
Model	MO1	Global	Theory of evidenceFuzzy measures	? Management of uncertainty in results
				?Consistency evidence
				? Case study
	MO2	Global	VIKOR, DEMATEL, ANP	? Interdependence and feedback of risk criteria
	MO2	Global	VIKOR, DEMATEL, ANP	? PDCA risk assessment process
	MO3	Global	Bayesian Networks	? Weakness propagation uncertainty analysis
	MO4	Global	?	? Decision-making processes
				? Improved processes with which to analyse risk information
				? Case study
	MO5	Data	?	? Use of risk patterns
				?Associative risk management
				?Case study
	MO6	Global	Logistic regression models	? Predictive techniques
				?Dynamic risk assessment
				?Focus on SMEs
	MO7	Data	Heuristic techniques	? Dynamic risk assessment
	MO7	Data	Heuristic techniques	?Importance of the environment and third parties in risk
	MO8	Supply chains	Stochastic & Deterministic techniques	? Mixed application of stochastic and deterministic techniques
				?Reduction in the degree of uncertainty
				?Decision-making processes
	MO9	ICS	Mind Maps	? Dynamic risk assessment
				?Associative risk management
				?Case study
Methodology	ME1	Global	Fuzzy techniques	? Reduction in the degree of uncertainty
	ME1	Global	Fuzzy techniques	? Importance of the environment and third parties in risk
	ME2	Global	FMEA	? Reduction of uncertainty
	ME3	Critical Infrastructure	Bow Tie Models, Bayesian Networks	? Concurrent analysis of risks and vulnerabilities
	ME3	Critical Infrastructure	Bow Tie Models, Bayesian Networks	?Case study
	ME4	IoT	?	? Exploitability value of vulnerabilities
	ME4	IoT	?	? Degrees of vulnerability
	ME5	Financial	?	? Adaptation to dynamic scenarios
				?Focus on SMEs
				?Prototyping and application in real cases
	ME6	I4.0 - HMI	VIKOR, DEMATEL, ANPFuzzy techniques	? Reduction in the degree of uncertainty
	ME6	I4.0 - HMI	VIKOR, DEMATEL, ANPFuzzy techniques	?Importance of the environment in risk
Others	O1	Global	?	? Progressive improvement of risk levels
	O2	Data Centre	?	? Risk analysis in virtualisation
	O2	Data Centre	?	?Risks in data centres outside but part of the IS

Tab.2 Main contributions of the selected proposals

Tab.3 Comparison of the selected proposals

Fig.1 MARISMA methodology

Fig.2 CAT meta-pattern

Fig.3 Overview in SPEM of the processes in the methodology

Fig.4 Example of audits tree of eMARISMA tool

Fig.5 Diagram of eMARISMA architecture

1	A, Hussain A, Mohamed S Razali . A review on cybersecurity: challenges & emerging threats. In: Proceedings of the 3rd International Conference on Networking, Information Systems & Security, 2020, 28
2	M, Hölbl T Welzer . Experience with teaching cybersecurity. In: Proceedings of the 27th EAEEIE Annual Conference (EAEEIE). 2017, 1−4
3	S M T, Toapanta A J, Gurumendi L E M Gallegos . An approach of national and international cybersecurity laws and standards to mitigate information risks in public organizations of Ecuador. In: Proceedings of the 2nd International Conference on Education Technology Management. 2019, 61−66
4	P, Shamala R, Ahmad A, Zolait M Sedek . Integrating information quality dimensions into information security risk management (ISRM). Journal of Information Security and Applications, 2017, 36: 1–10
5	M, Mirtsch K, Blind C, Koch G Dudek . Information security management in ICT and non-ICT sector companies: a preventive innovation perspective. Computers & Security, 2021, 109: 102383
6	M Hentea . Security management. In: Hentea M, ed. Building an Effective Security Program for Distributed Energy Resources and Systems: Understanding Security for Smart Grid and Distributed Energy Resources and Systems, Volume 1. Wiley, 2021, 405–436
7	P Kumah . The role of human resource management in enhancing organizational information systems security. In: Misra S, Adewumi A, eds. Handbook of Research on the Role of Human Factors in IT Project Management. Hershey, PA, USA: IGI Global, 2019, 278–303
8	H, Lee C, Han T Yoo . The application of mistake-proofing to organisational security management. Total Quality Management & Business Excellence, 2019, 30(9–10): 1151–1166
9	F, Li T, Chen B, Wang J, Zhang S Qing . Research on information security technology of mobile application in electric power industry. In: Proceedings of 2020 Asia-Pacific Conference on Image Processing, Electronics and Computers (IPEC). 2020, 51−54
10	A, Nasir R A, Arshah M R A, Hamid S Fahmy . An analysis on the dimensions of information security culture concept: a review. Journal of Information Security and Applications, 2019, 44: 12–22
11	K, Khando S, Gao S M, Islam A Salman . Enhancing employees information security awareness in private and public organisations: a systematic literature review. Computers & Security, 2021, 106: 102267
12	A A, Ganin P, Quach M, Panwar Z A, Collier J M, Keisler D, Marchese I Linkov . Multicriteria decision framework for cybersecurity risk assessment and management. Risk Analysis, 2020, 40( 1): 183–199
13	der Schyff K, van S Flowerday . Mediating effects of information security awareness. Computers & Security, 2021, 106: 102313
14	A D, Prajanti K Ramli . A proposed framework for ranking critical information assets in information security risk assessment using the OCTAVE allegro method with decision support system methods. In: Proceedings of the 34th International Technical Conference on Circuits/Systems, Computers and Communications (ITC-CSCC). 2019, 1−4
15	A, Chopra M Chaudhary . The need for information security. In: Chopra A, Chaudhary M, eds. Implementing an Information Security Management System: Security Management Based on ISO 27001 Guidelines. Berkeley, CA: Apress, 2020, 1−20
16	S A, Grishaeva V I Borzov . Information security risk management. In: Proceedings of 2020 International Conference Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS). 2020, 96−98
17	M K, Zaini M N, Masrek Sani M K J Abdullah . The impact of information security management practices on organisational agility. Information and Computer Security, 2020, 28( 5): 681–700
18	M, Kiedrowicz J Stanik . Method for assessing efficiency of the information security management system. MATEC Web of Conferences, 2018, 210: 04011
19	L E, Sánchez A, Santos-Olmo E, Fernandez-Medina M Piattini . ISMS building for SMEs through the reuse of knowledge. In: Management Association I R, ed. Small and Medium Enterprises: Concepts, Methodologies, Tools, and Applications. Hershey, PA, USA: IGI Global, 2013, 394−419
20	A, Santos-Olmo L E, Sánchez I, Caballero S, Camacho E Fernandez-Medina . The importance of the security culture in SMEs as regards the correct management of the security of their assets. Future Internet, 2016, 8( 3): 30
21	G, Wangen C, Hallstensen E Snekkenes . A framework for estimating information security risk assessment method completeness. International Journal of Information Security, 2018, 17( 6): 681–699
22	D, Achmadi Y, Suryanto K Ramli . On developing information security management system (ISMS) framework for ISO 27001-based data center. In: Proceedings of 2018 International Workshop on Big Data and Information Security (IWBIS). 2018, 149−157
23	C Y, Jeong S Y T, Lee J H Lim . Information security breaches and IT security investments: impacts on competitors. Information & Management, 2019, 56( 5): 681–695
24	B, Uchendu J R C, Nurse M, Bada S Furnell . Developing a Cyber Security culture: current practices and future needs. Computers & Security, 2021, 109: 102387
25	V, Casola R, Catelli Benedictis A De . A first step towards an ISO-based information security domain ontology. In: Proceedings of the 28th IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE). 2019, 334−339
26	A Shameli-Sendi . An efficient security data-driven approach for implementing risk assessment. Journal of Information Security and Applications, 2020, 54: 102593
27	I M M, Putra K Mutijarsa . Designing information security risk management on Bali regional police command center based on ISO 27005. In: Proceedings of the 3rd East Indonesia Conference on Computer and Information Technology (EIConCIT). 2021, 14−19
28	E, Hariyanti A, Djunaidy D O Siahaan . A conceptual model for information security risk considering business process perspective. In: Proceedings of the 4th International Conference on Science and Technology (ICST). 2018, 1−6
29	S, Szwaczyk K, Wrona M Amanowicz . Applicability of risk analysis methods to risk-aware routing in software-defined networks. In: Proceedings of 2018 International Conference on Military Communications and Information Systems (ICMCIS). 2018, 1−7
30	K Ruan . Introducing cybernomics: a unifying economic framework for measuring cyber risk. Computers & Security, 2017, 65: 77–89
31	J, Dobaj C, Schmittner M, Krisper G Macher . Towards integrated quantitative security and safety risk assessment. In: Proceedings of 2019 International Conference on Computer Safety, Reliability, and Security. 2019, 102−116
32	F Ö, Sönmez B G Kılıç . A decision support system for optimal selection of enterprise information security preventative actions. IEEE Transactions on Network and Service Management, 2021, 18( 3): 3260–3279
33	B, Tiganoaia A, Niculescu O, Negoita M Popescu . A new sustainable model for risk management—RiMM. Sustainability, 2019, 11( 4): 1178
34	M A, Amutio J, Candau J A Manas . MAGERIT-version 3.0 Methodology for information systems risk analysis and management. Ministry of Finance and Public Administration, 2014
35	M L, Ali K, Thakur B Atobatele . Challenges of cyber security and the emerging trends. In: Proceedings of 2019 ACM International Symposium on Blockchain and Secure Critical Infrastructure. 2019, 107−112
36	H, Khambhammettu S, Boulares K, Adi L Logrippo . A framework for risk assessment in access control systems. Computers & Security, 2013, 39: 86–103
37	M, Jouini L B A Rabai . A security risk management model for cloud computing systems: infrastructure as a service. In: Proceedings of the10th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage. 2017, 594−608
38	T Weil . Risk assessment methods for cloud computing platforms. In: Proceedings of the 43rd IEEE Annual Computer Software and Applications Conference (COMPSAC). 2019, 545−547
39	M, Brunner C, Sauerwein M, Felderer R Breu . Risk management practices in information security: exploring the status quo in the DACH region. Computers & Security, 2020, 92: 101776
40	H, Zakaria Bakar N A, Abu N H, Hassan S Yaacob . IoT security risk management model for secured practice in healthcare environment. Procedia Computer Science, 2019, 161: 1241–1248
41	Z Zhang . A new method for information security risk management in big data environment. In: Proceedings of the 2nd International Conference on Information Technology and Computer Application (ITCA). 2020, 1−4
42	Y, Fu J, Zhu S Gao . CPS information security risk evaluation system based on petri net. In: Proceedings of the 2nd IEEE International Conference on Data Science in Cyberspace (DSC). 2017, 541−548
43	H, Mokalled C, Pragliola D, Debertol E, Meda R Zunino . A comprehensive framework for the security risk management of cyber-physical systems. In: Flammini F, ed. Resilience of Cyber-Physical Systems: From Risk Modelling to Threat Counteraction. Cham: Springer International Publishing, 2019, 49−68
44	J, Chen Q Zhu . Interdependent strategic security risk management with bounded rationality in the internet of things. IEEE Transactions on Information Forensics and Security, 2019, 14( 11): 2958–2971
45	A, Capodieci L, Mainetti F Dipietrangelo . Model-driven approach to cyber risk analysis in industry 4.0. In: Proceedings of the 10th International Conference on Information Systems and Technologies. 2020, 33
46	V, Malik S Singh . Security risk management in IoT environment. Journal of Discrete Mathematical Sciences and Cryptography, 2019, 22( 4): 697–709
47	S G, Govender E, Kritzinger M Loock . A framework and tool for the assessment of information security risk, the reduction of information security cost and the sustainability of information security culture. Personal and Ubiquitous Computing, 2021, 25( 5): 927–940
48	M I, Javaid M M W Iqbal . A comprehensive people, process and technology (PPT) application model for Information Systems (IS) risk management in small/medium enterprises (SME). In: Proceedings of 2017 International Conference on Communication Technologies (ComTech). 2017, 78−90
49	N, Paltrinieri G Reniers . Dynamic risk analysis for Seveso sites. Journal of Loss Prevention in the Process Industries, 2017, 49: 111–119
50	A A O, Affia R, Matulevičius A Nolte . Security risk management in cooperative intelligent transportation systems: a systematic literature review. In: Proceedings of 2019 OTM Confederated International Conferences “On the Move to Meaningful Internet Systems”. 2019, 282−300
51	P G Genchev . Analysis of changes in the probability of an incident with information security. In: Proceedings of the 56th International Scientific Conference on Information, Communication and Energy Systems and Technologies (ICEST). 2021, 119−122
52	B, Kitchenham S Charters . Guidelines for performing systematic literature reviews in software engineering. 2007
53	B, Kitchenham P Brereton . A systematic review of systematic review process research in software engineering. Information and Software Technology, 2013, 55( 12): 2049–2075
54	S, Barat T, Clark B, Barn V Kulkarni . A model-based approach to systematic review of research literature. In: Proceedings of the 10th Innovations in Software Engineering Conference. 2017, 15−25
55	B, Barn S, Barat T Clark . Conducting systematic literature reviews and systematic mapping studies. In: Proceedings of the 10th Innovations in Software Engineering Conference. 2017, 212−213
56	C C, Lo W J Chen . A hybrid information security risk assessment procedure considering interdependences between controls. Expert Systems with Applications, 2012, 39( 1): 247–257
57	M, Wulan D Petrovic . A fuzzy logic based system for risk analysis and evaluation within enterprise collaborations. Computers in Industry, 2012, 63( 8): 739–748
58	R, Deb S Roy . A Software Defined Network information security risk assessment based on Pythagorean fuzzy sets. Expert Systems with Applications, 2021, 183: 115383
59	H, Zhang Q Sun . An integrated approach to risk assessment for special line shunting via fuzzy theory. Symmetry, 2018, 10( 11): 599
60	M S, Saleh A Alfantookh . A new comprehensive framework for enterprise information security risk management. Applied Computing and Informatics, 2011, 9( 2): 107–118
61	S, Alhawari L, Karadsheh Talet A, Nehari E Mansour . Knowledge-based risk management framework for information technology project. International Journal of Information Management, 2012, 32( 1): 50–65
62	P, Shamala R, Ahmad M Yusoff . A conceptual framework of info structure for information security risk assessment (ISRA). Journal of Information Security and Applications, 2013, 18( 1): 45–52
63	F, Khan S J, Hashemi N, Paltrinieri P, Amyotte V, Cozzani G Reniers . Dynamic risk management: a contemporary approach to process safety management. Current Opinion in Chemical Engineering, 2016, 14: 9–17
64	A K, Sangaiah O W, Samuel X, Li M, Abdel-Basset H Wang . Towards an efficient risk assessment in software projects−Fuzzy reinforcement paradigm. Computers & Electrical Engineering, 2018, 71: 833–846
65	D, Panchal A K, Singh P, Chatterjee E K, Zavadskas M Keshavarz-Ghorabaee . A new fuzzy methodology-based structured framework for RAM and risk analysis. Applied Soft Computing, 2019, 74: 242–254
66	C, Schmitz S Pape . LiSRA: Lightweight Security Risk Assessment for decision support in information security. Computers & Security, 2020, 90: 101656
67	E, Lamine R, Thabet A, Sienou D, Bork F, Fontanili H Pingaud . BPRIM: an integrated framework for business process management and risk management. Computers in Industry, 2020, 117: 103199
68	N, Feng M Li . An information systems security risk assessment model under uncertain environment. Applied Soft Computing, 2011, 11( 7): 4332–4340
69	Yang Y P, Ou H M, Shieh G H Tzeng . A VIKOR technique based on DEMATEL and ANP for information security risk control assessment. Information Sciences, 2013, 232: 482–500
70	N, Feng H J, Wang M Li . A security risk analysis model for information systems: causal relationships of risk factors and vulnerability propagation analysis. Information Sciences, 2014, 256: 57–73
71	L, Wang B, Wang Y Peng . Research the information security risk assessment technique based on Bayesian network. In: Proceedings of the 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE). 2010
72	J, Webb A, Ahmad S B, Maynard G Shanks . A situation awareness model for information security risk management. Computers & Security, 2014, 44: 1–15
73	Figueira P, Tubío Bravo C, López López J L Rivas . Improving information security risk analysis by including threat-occurrence predictive models. Computers & Security, 2020, 88: 101609
74	F, Khan J H, Kim L, Mathiassen R Moore . Data breach management: an integrated risk model. Information & Management, 2021, 58( 1): 103392
75	A, Schmidt L A, Albert K Zheng . Risk management for cyber-infrastructure protection: a bi-objective integer programming approach. Reliability Engineering & System Safety, 2021, 205: 107093
76	Y, Cherdantseva P, Burnap S, Nadjm-Tehrani K Jones . A configurable dependency model of a SCADA system for goal-oriented risk assessment. Applied Sciences, 2022, 12( 10): 4880
77	E, Vicente A, Mateos A Jiménez-Martín . Risk analysis in information systems: a fuzzification of the MAGERIT methodology. Knowledge-Based Systems, 2014, 66: 1–12
78	S, Mandal J Maiti . Risk analysis using FMEA: fuzzy similarity value and possibility theory based approach. Expert Systems with Applications, 2014, 41( 7): 3527–3537
79	Staalduinen M A, van F, Khan V, Gadag G Reniers . Functional quantitative security risk analysis (QSRA) to assist in protecting critical process infrastructure. Reliability Engineering & System Safety, 2017, 157: 23–34
80	H, Abdo M, Kaouk J M, Flaus F Masse . A safety/security risk analysis approach of Industrial Control Systems: a Cyber Bowtie − combining new version of attack tree with bowtie analysis. Computers & Security, 2018, 72: 175–195
81	S, Sicari A, Rizzardi D, Miorandi A Coen-Porisini . A risk assessment methodology for the Internet of Things. Computer Communications, 2018, 129: 67–79
82	S, Armenia M, Angelini F, Nonino G, Palombi M F Schlitzer . A dynamic simulation approach to support the evaluation of cyber risks and security investments in SMEs. Decision Support Systems, 2021, 147: 113580
83	E, Bozkuş İ, Kaya M Yakut . A fuzzy based model proposal on risk analysis for human-robot interactive systems. In: Proceedings of 2022 International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA). 2022, 1−6
84	H Sato . A new formula of security risk analysis that takes risk improvement factor into account. In: Proceedings of the IEEE Third International Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third International Conference on Social Computing. 2011, 1243−1248
85	F, Munodawafa A I Awad . Security risk assessment within hybrid data centers: a case study of delay sensitive applications. Journal of Information Security and Applications, 2018, 43: 61–72
86	N M, Scala A C, Reilly P L, Goethals M Cukier . Risk and the five hard problems of Cybersecurity. Risk Analysis, 2019, 39( 10): 2119–2126
87	Q, Li P, Lv M, Wang Z, Zhang S, Wang P, Fang L Gao . A risk assessment method of smart grid in cloud computing environment based on game theory. In: Proceedings of the 5th IEEE International Conference on Cloud Computing and Big Data Analytics (ICCCBDA). 2020, 67−72
88	V, Malik S Singh . Intelligent strategies for cloud computing risk management and testing. In: Proceedings of ICMDE 2020 Computational Methods and Data Engineering. 2020, 101−114
89	A I, Volkov V G, Semin E R Khakimullin . Modeling the structures of threats to information security risks based on a fuzzy approach. In: Proceedings of 2020 International Conference Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS). 2020, 132−135
90	A G, Petrescu M A, Postole M Ciobanasu . The international experience in security risk analysis methods. In: Oncioiu I, ed. Network Security and its Impact on Business Strategy. Hershey, PA, USA: IGI Global, 2019, 157–169
91	M, Khosravi-Farmad A Ghaemi-Bafghi . Bayesian decision network-based security risk management framework. Journal of Network and Systems Management, 2020, 28( 4): 1794–1819
92	P Genchev . An approach to support information security risk assessment. In: Proceedings of 2020 International Conference on Biomedical Innovations and Applications (BIA). 2020, 125−128
93	P, Burnap Y, Cherdantseva A, Blyth P, Eden K, Jones H, Soulsby K Stoddart . Determining and sharing risk data in distributed interdependent systems. Computer, 2017, 50( 4): 72–79
94	T Tagarev . Towards the design of a collaborative cybersecurity networked organisation: identification and prioritisation of governance needs and objectives. Future Internet, 2020, 12( 4): 62
95	I, Kuzminykh B, Ghita V, Sokolov T Bakhshi . Information security risk assessment. Encyclopedia, 2021, 1( 3): 602–617
96	I Lee . Cybersecurity: risk management framework and investment cost analysis. Business Horizons, 2021, 64( 5): 659–671
97	M, Arafah S H, Bakry R, Al-Dayel O Faheem . Exploring cybersecurity metrics for strategic units: a generic framework for future work. In: Proceedings of 2019 Future of Information and Communication Conference on Information and Communication. 2020, 881−891
98	I, Kotenko E, Doynikova A, Chechulin A Fedorchenko . AI- and metrics-based vulnerability-centric cyber security assessment and countermeasure selection. In: Parkinson S, Crampton A, Hill R, eds. Guide to Vulnerability Analysis for Computer Networks and Systems: An Artificial Intelligence Approach. Cham: Springer International Publishing, 2018, 101−130
99	K, Piromsopa T, Klima L Pavlik . Designing model for calculating the amount of cyber risk insurance. In: Proceedings of the 4th International Conference on Mathematics and Computers in Sciences and in Industry (MCSI). 2017, 196−200
100	G, Stergiopoulos D, Gritzalis V Kouktzoglou . Using formal distributions for threat likelihood estimation in cloud-enabled IT risk assessment. Computer Networks, 2018, 134: 23–45
101	W, Abbass A, Baina M Bellafkih . Using EBIOS for risk management in critical information infrastructure. In: Proceedings of the 5th World Congress on Information and Communication Technologies (WICT). 2015, 107−112
102	R, Oppliger G, Pernul S Katsikas . New frontiers: assessing and managing security risks. Computer, 2017, 50( 4): 48–51
103	C, García-Porras S, Huamani-Pastor J Armas-Aguirre . Information security risk management model for Peruvian SMEs. In: Proceedings of 2018 IEEE Sciences and Humanities International Research Conference (SHIRCON). 2018, 1−5
104	P, Wagner G, Hansch C, Konrad K H, John J, Bauer J Franke . Applicability of security standards for operational technology by SMEs and large enterprises. In: Proceedings of the 25th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA). 2020, 1544−1551
105	H K, Skrodelis J, Strebko A Romanovs . The information system security governance tasks in small and medium enterprises. In: Proceedings of the 61st International Scientific Conference on Information Technology and Management Science of Riga Technical University (ITMS). 2020, 1−4
106	M, Antunes M, Maximiano R, Gomes D Pinto . Information security and cybersecurity management: a case study with SMEs in Portugal. Journal of Cybersecurity and Privacy, 2021, 1( 2): 219–238
107	A K, Gill P, Zavarsky B Swar . Automation of security and privacy controls for efficient information security management. In: Proceedings of the 2nd International Conference on Secure Cyber Computing and Communications (ICSCCC). 2021, 371−375

[1]

FCS-21582-OF-AS_suppl_1

Download

[1]	Muazzam MAQSOOD, Sadaf YASMIN, Saira GILLANI, Maryam BUKHARI, Seungmin RHO, Sang-Soo YEO. An efficient deep learning-assisted person re-identification solution for intelligent video surveillance in smart cities[J]. Front. Comput. Sci., 2023, 17(4): 174329-.

Viewed

Full text

Abstract

Cited

Shared

Discussed