Affiliation:
1. University of Central Lancashire, UK
2. University of Greenwich, UK
Abstract
Risk management plays a vital role in tackling cyber threats within the cyber-physical system (CPS) for overall system resilience. It enables identifying critical assets, vulnerabilities, and threats, and determining suitable proactive control measures to tackle the risks. However, due to the increased complexity of the CPS, cyber-attacks nowadays are more sophisticated and less predictable, which makes the risk management task more challenging. This chapter proposes an integrated cyber security risk management (i-CSRM) framework for systematically identifying critical assets through the use of a decision support mechanism built on fuzzy set theory, predicting risk types through machine learning techniques, and assessing the effectiveness of existing controls through the use of comprehensive assessment model (CAM) parameters.