Affiliation:
1. Universidad Nacional de San Luis, Argentina
Abstract
Threat and Risk Assessment is an important area in cybersecurity. It covers multiple systems and organizations where cybersecurity is significant, such as banking, industry, SCADA, and Energy Management Systems, among many others. The chapter presents a method to help assess the threats and risks associated with computer and network systems. It integrates the Framework for Improving Critical Infrastructure Cybersecurity, developed by the National Institute of Standards and Technology, with a quantitative method based on a Continuous Logic, the Logic Scoring of Preference (LSP) method. LSP is a decision-making method that provides guidelines for building a model that assists the expert in assessing how well a product or system satisfies a number of requirements, in this case those associated with the identification, protection, detection, response and recovery of threats and risks in an organization.