A Novel Proactive and Dynamic Cyber Risk Assessment Methodology
17 Pages Posted: 4 Nov 2024
Abstract
In today’s operational environment, organizations face numerous cybersecurity challenges and risks. This paper presents a novel risk assessment methodology designed to assess cyber risks in a proactive and dynamic manner. Our approach gathers information from both the organization's internal environment and cybersecurity-related open sources. It then converts the collected qualitative data into numerical form and utilizes an method to combine it with the other collected quantitative data. Subsequently, all this information is integrated into a Bayesian network model to dynamically estimate the probability of success of a cyber attack. This probability, combined with the impact assessments of the organization's assets, is used to provide risk estimations. By incorporating the Exploit Prediction Scoring System, our model is capable of delivering not only dynamic but also proactive risk assessments. To validate the effectiveness of the proposed methodology, we present a use case that demonstrates its application in assessing risk within a SCADA environment
Keywords: cybersecurity, cyber risk assessment, dynamic risk assessment, Bayesian networks, industrial control systems
Suggested Citation: Suggested Citation