A Novel Proactive and Dynamic Cyber Risk Assessment Methodology

17 Pages Posted: 4 Nov 2024

See all articles by Pavlos Cheimonidis

Pavlos Cheimonidis

Democritus University of Thrace

Konstantinos Rantos

Democritus University of Thrace

Abstract

In today’s operational environment, organizations face numerous cybersecurity challenges and risks. This paper presents a novel risk assessment methodology designed to assess cyber risks in  a proactive and dynamic manner. Our approach gathers information from both the organization's internal environment and cybersecurity-related open sources. It then converts the collected qualitative data into numerical form and utilizes an  method to combine it with the other collected quantitative data. Subsequently, all this information is integrated into a Bayesian network model to dynamically estimate the probability of success of a cyber attack. This probability, combined with the impact assessments of the organization's assets, is used to provide risk estimations. By incorporating the Exploit Prediction Scoring System, our model is capable of delivering not only dynamic but also proactive risk assessments. To validate the effectiveness of the proposed methodology, we present a use case that demonstrates its application in assessing risk within a SCADA environment

Keywords: cybersecurity, cyber risk assessment, dynamic risk assessment, Bayesian networks, industrial control systems

Suggested Citation

Cheimonidis, Pavlos and Rantos, Konstantinos, A Novel Proactive and Dynamic Cyber Risk Assessment Methodology. Available at SSRN: https://ssrn.com/abstract=5009538 or http://dx.doi.org/10.2139/ssrn.5009538

Pavlos Cheimonidis (Contact Author)

Democritus University of Thrace ( email )

Vas. Sofias 12, Building 1, Production & Managemen
Office 303, 3rd floor
Xanthi, 68100
Greece

Konstantinos Rantos

Democritus University of Thrace ( email )

Vas. Sofias 12, Building 1, Production & Managemen
Office 303, 3rd floor
Xanthi, 68100
Greece

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
29
Abstract Views
112
PlumX Metrics